<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Not sure if this thread is going the right way as there are several ways to accomplish the end goal of ES2 indexes. <div class=""><div class=""><br class=""></div><div class="">I am already using syslog-ng; the question is on filtering and tagging platforms. </div><div class=""><br class=""></div><div class="">syslog-ng </div><div class=""><ul class="MailOutline"><li class="">Can parse streams and accomplish this in read time</li><li class="">Can input directly to ES2, eliminating a 3rd stage of processing</li></ul></div><div class="">Logstash </div><div class=""><ul class="MailOutline"><li class="">Broader range of user-contributed filters </li><li class="">Can also work on a stream but not a replacement functionality for syslog. </li><li class=""><b class="">Standardized filter, tagging platform. If you are going to use logstash for other solutions then doesn’t it make sense to use it for all</b>? </li></ul><div class=""><div class=""><br class=""></div><div class=""><br class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 25, 2016, at 5:16 AM, Fabien Wernli &lt;<a href="mailto:wernli@in2p3.fr" class="">wernli@in2p3.fr</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">Hi Scot,<br class=""><br class="">On Wed, Apr 20, 2016 at 01:00:26PM -0400, Scot Needy wrote:<br class=""><blockquote type="cite" class="">Logstash<br class="">I think I’m going to need to re-introduce logstash just to leverage the existing open source material of logstash filters and Kibana desktops. <br class="">VMware, ASA for example but wanted more real time data. I could probably do the realtime tags with patterndb. 
<br class=""></blockquote><br class="">Just so you know, there actually is a grok parser in the incubator<br class="">so this could help you migrate to syslog-ng.<br class=""><br class=""></div></blockquote></div><br class=""></div></div></div></div></div></body></html>