So I have installed syslog-ng and Elasticsearch... can you give me some syslog-ng configuration to send these logs to Elasticsearch? For now I have the following:

    # Local system logs, syslog-ng's own messages, and remote RFC 5424 syslog over TLS
    source s_sys {
        system();
        internal();
        network(
            ip(0.0.0.0)
            port(6514)
            flags(syslog-protocol)
            transport("tls")
            tls(
                key_file("/etc/syslog-ng/cert.d/serverkey.pem")
                cert_file("/etc/syslog-ng/cert.d/servercert.pem")
                ca_dir("/etc/syslog-ng/ca.d")
            )
        );
    };

Everything else is default....

Ivan

On 05/26/2016 01:34 PM, Fabien Wernli wrote:
> On Thu, May 26, 2016 at 12:51:45PM +0200, Ivan Adji - Krstev wrote:
>> From what I have understood for now, ES is some kind of PatternDB? Or some kind of NoSQL? And the scenario will be: syslog-ng will send the logs to PatternDB and they will be stored in ES, and Kibana is the one that will present them?
>
> From syslog-ng's point of view, patterndb is a parser and elasticsearch or elasticsearch2 is a destination driver.
> So ES is "some kind of NoSQL", to cite you. And Kibana is just a GUI which will interact with ES' API.
>
>> And what will be the steps and configurations for syslog-ng?
>
> Reading the official documentation would be a good start:
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
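The following is an added example of the half that Ivan's configuration is missing, not a configuration from this thread or shipped by the syslog-ng project: an elasticsearch2 destination in HTTP client mode, an optional patterndb parser in front of it, and the log path that ties both to the existing s_sys source. It assumes syslog-ng OSE 3.7 or later with the Java-based elasticsearch2 module installed, an Elasticsearch 2.x node listening on 127.0.0.1:9200, a patterndb file at /etc/syslog-ng/patterndb.d/patterndb.xml and the client jars under /usr/share/elasticsearch/lib; all of these paths, names and the index naming scheme are placeholders to adjust.

```conf
@version: 3.7

# Added example; s_sys is expected to be defined elsewhere in the same file,
# exactly as in Ivan's message. Every path and name below is an assumption.

# patterndb is a parser, so it sits between the source and the destination.
# Classification results land in ${.classifier.class} and ${.classifier.rule_id}.
parser p_db {
    db_parser(file("/etc/syslog-ng/patterndb.d/patterndb.xml"));
};

destination d_elastic {
    elasticsearch2(
        # REST client over HTTP: no need to join the cluster as a node
        client_mode("http")
        # Elasticsearch 2.x has no authentication of its own; keep it bound
        # to loopback (or behind an authenticating TLS proxy), never on 0.0.0.0
        server("127.0.0.1")
        port("9200")
        # one index per day makes retention/deletion a simple index drop
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        # directory holding the Elasticsearch client jars (assumed path)
        client_lib_dir("/usr/share/elasticsearch/lib")
        # messages per bulk request; set to 1 while debugging so nothing is buffered
        flush_limit("100")
        # RFC 5424 fields plus all name-value pairs, including the dot-prefixed
        # ones patterndb adds; DATE is replaced by ISODATE so ES can parse it
        template("$(format-json --scope rfc5424 --scope nv-pairs --scope dot-nv-pairs --exclude DATE --key ISODATE)")
    );
};

log {
    source(s_sys);
    parser(p_db);
    destination(d_elastic);
};
```

Two checks worth doing once this is in place: run `syslog-ng --syntax-only` to confirm the Java module and the jar directory are found, and send one message through the TLS listener on 6514 while watching `internal()` output, since in Ivan's source the `ca_dir()` option means remote senders are expected to present a certificate signed by a CA in that directory (peer verification defaults to required-trusted), so an unverified client is dropped before anything reaches Elasticsearch.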