syslog configuration best practice for security onion

[udi-mosh]

Version

2.4.90

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

airgap

Hardware Specs

Meets minimum requirements

CPU

24

RAM

128

Storage for /

500GB

Storage for /nsm

6TB

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hello,
i want to configure everything in my network to send logs as syslog.
i know that the recommended configuration is to use integrations but i am not keen of using different port then the standard udp 514. i am also aware to the custom udp logs integration which also use different port.
i have 1 manager-search and 1 forwarder and i send all my logs to the 1st.
how can i configure it to receive on udp 514 and what will i loose if i do not use the integration. for ex. aruba.
10x

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[dougburks]

If you use a specific integration for a specific log type, then the logs will be fully parsed allowing you to slice and dice all of the fields separately in our user interfaces like Dashboards and Hunt.

If you don't use a specific integration, but instead use plain syslog, then the logs will not be parsed by default and you would need to develop your own parsers from scratch.

We recommend using a specific integration so that you get fully parsed logs without additional effort.

For more information, please see:
https://docs.securityonion.net/en/2.4/syslog.html
https://docs.securityonion.net/en/2.4/third-party-integrations.html

[udi-mosh]

thank you very much.