Syslog is a widely used standard for centralizing and formatting log data generated by network devices, and is supported by most Unix-like operating systems. The standard typically utilizes port 514 and the UDP protocol for log transmission, though port 6514 with TCP and TLS encryption is recommended for enhanced security and reliability. This guide explores using Logstash to collect Syslog messages and send them to Elasticsearch for efficient data ingestion and search functionality. It details two methods: one where the Syslog daemon forwards logs to a central server running Logstash via a TCP connection, and another where Logstash monitors log files directly on each server or device. The text provides step-by-step instructions on configuring these setups, emphasizing the importance of having Logstash ready to receive data before configuring Syslog daemons, and highlights the advantages of centralizing logs such as easier accessibility and protection against data loss from server failures or malicious attacks.
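As an added example (not code from the guide or from Logstash), the Python below parses BSD-style (RFC 3164) syslog lines into flat documents of the kind a pipeline would index. It covers both collection methods: lines received over the network normally begin with a `<PRI>` header, while lines read from a daemon-written log file typically do not. The function name `parse_syslog`, the field and tag names, and the sample lines are assumptions constructed for this example.

```python
import re

# Facility and severity names from RFC 3164 / RFC 5424 (list index = numeric code).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                          # PRI: present on the wire, usually absent in files
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # e.g. "Oct  5 14:03:22"
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

def parse_syslog(line, source):
    """Turn one BSD-style syslog line into a flat document; never raises on bad input."""
    doc = {"source": source, "raw": line, "tags": []}
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        doc["tags"].append("parse_failure")   # keep the raw line so nothing is silently dropped
        return doc
    doc.update(timestamp=m["ts"], host=m["host"], program=m["program"], message=m["message"])
    if m["pid"]:
        doc["pid"] = int(m["pid"])
    if m["pri"] is not None:
        pri = int(m["pri"])
        if pri > 191:                          # facility 23 * 8 + severity 7 is the largest valid PRI
            doc["tags"].append("invalid_pri")
        else:
            doc["facility"] = FACILITIES[pri // 8]
            doc["severity"] = SEVERITIES[pri % 8]
    return doc

# Constructed sample input (not taken from the page): (collection method, line).
SAMPLES = [
    ("tcp", "<38>Oct  5 14:03:22 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50514 ssh2"),
    ("file", "Oct  5 14:03:25 web01 CRON[2290]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("tcp", "<999>Oct  5 14:03:30 web01 app: pri out of range"),
    ("tcp", "\x16\x03\x01 not syslog at all"),
]

if __name__ == "__main__":
    for source, line in SAMPLES:
        print(parse_syslog(line, source))
```

Documents tagged `parse_failure` or `invalid_pri` still carry the raw line, so a central collector can index them for review instead of discarding input it could not interpret.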