<div dir="ltr"><div><div>Hi,<br><br></div>Beats can send logs either to Logstash, Elasticsearch or Kafka. I gave the protocol used with Elasticsearch a try, but it does not work unfortunately. It's a two way protocol, so even if I got JSON sent by Beats parsed by syslog-ng, communication died quickly between the two. Finally I gave up and used Logstash between Beats and syslog-ng, just as Scot. My blog discusses extracting original syslog messages from messages collected by filebeat: <a href="https://www.balabit.com/blog/sending-logs-logstash-syslog-ng/">https://www.balabit.com/blog/sending-logs-logstash-syslog-ng/</a> Other Beats messages should work similarly and you can most likely spare some of the dark magic employed :)<br><br></div>Bye,<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>Balabit / syslog-ng upstream<br><a href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/author/peterczanik/</a><br><a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div></div></div></div>
<br><div class="gmail_quote">On Wed, Jan 10, 2018 at 10:42 PM, Evan Rempel <span dir="ltr"><<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Looking for a clean way to get beats products to send data to syslog-ng.<br>
<br>
Does anyone have a working example?<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Evan<br>
<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
</font></span></blockquote></div><br></div>