Thanks for all the feedback folks, that has clarified things significantly. I am moving from ELSA to ES for some targeted applications (firstly our authentication database and then IDS and friends).
From this discussion I will probably try Fabien’s perl module. Luckily in my case performance is not a major issue — 1000 EPS is fine.
Russell

On 23/10/2014, at 12:17 pm, Russell Fulton <r.fulton@auckland.ac.nz> wrote:
Hi
We are already using the open source version of syslog-ng and I am about to set up some Elasticsearch instances and would much prefer to feed data direct from syslog-ng rather than go through logstash (I already have a heap of patterndb parsers and performance should be way better!)
I have spent an hour or so with Google and have found various references to an Elasticsearch destination being available but I can find no mention of it in the release notes for 3.6.1. I have also downloaded the tarball and unpacked it but could not find any evidence of the module, nor is there any mention of it in the manual.
As of now what is the recommended way of getting parsed data from OS syslog-ng into ES?
Thanks, Russell
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
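As an added example, not Russell's code, not Fabien's perl module and not a module shipped with syslog-ng: one way to get patterndb-parsed events from syslog-ng into Elasticsearch without logstash is to have a `program()` destination, fed by a `$(format-json ...)` template, pipe one JSON object per line into a small glue script that batches them and posts them to the Elasticsearch `_bulk` API. The script below is that glue; the ES endpoint, index prefix, document type and the sample log lines are all assumed or constructed here. It skips unparseable lines instead of exiting, since syslog-ng would otherwise restart the program and drop whatever was buffered, and it reports documents that ES rejected rather than silently losing them, which matters when the data feeding an authentication log review must be complete.

```python
"""Glue script: syslog-ng program() destination -> Elasticsearch _bulk.

Hypothetical example; assumes syslog-ng is configured roughly like:

    template t_json { template("$(format-json --scope rfc5424 --scope dot-nv-pairs)\n"); };
    destination d_es { program("/usr/local/bin/es_index.py" template(t_json)); };
"""
import json
import sys
import urllib.request
from datetime import datetime, timezone

ES_URL = "http://localhost:9200"   # assumed Elasticsearch endpoint
INDEX_PREFIX = "syslog"            # assumed index name prefix (daily indices)
DOC_TYPE = "event"                 # ES 1.x (current in 2014) needs a type; set to None for ES 7+
BATCH_SIZE = 500                   # events per _bulk request


def index_name(event, now=None):
    """Daily index (e.g. syslog-2014.10.23) taken from the event's ISODATE, else from 'now'."""
    day = None
    stamp = event.get("ISODATE")
    try:
        if stamp:
            day = datetime.fromisoformat(stamp).strftime("%Y.%m.%d")
    except (ValueError, TypeError):
        day = None                 # malformed timestamp: fall back to ingest time
    if day is None:
        day = (now or datetime.now(timezone.utc)).strftime("%Y.%m.%d")
    return f"{INDEX_PREFIX}-{day}"


def parse_line(line):
    """Parse one format-json line; return None for anything that is not a JSON object."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def build_bulk_body(events, now=None):
    """Build the NDJSON body for POST /_bulk: an action line followed by the document, per event."""
    lines = []
    for event in events:
        action = {"_index": index_name(event, now)}
        if DOC_TYPE:
            action["_type"] = DOC_TYPE
        lines.append(json.dumps({"index": action}))
        lines.append(json.dumps(event))
    return "\n".join(lines) + "\n"   # _bulk requires a trailing newline


def batches(lines, size=BATCH_SIZE):
    """Group parseable input lines into lists of at most 'size' events; bad lines are skipped."""
    batch = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        batch.append(event)
        if len(batch) >= size:
            yield batch
            batch = []
    if batch:
        yield batch


def post_bulk(body):
    """POST one _bulk body and report per-document rejections on stderr."""
    req = urllib.request.Request(
        f"{ES_URL}/_bulk", data=body.encode("utf-8"),
        headers={"Content-Type": "application/x-ndjson"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        result = json.load(resp)
    if result.get("errors"):
        failed = [i for i in result.get("items", []) if "error" in i.get("index", {})]
        print(f"{len(failed)} documents rejected by Elasticsearch", file=sys.stderr)
    return result


# Constructed sample of what syslog-ng's format-json template emits (one object per line).
SAMPLE_LINES = [
    '{"ISODATE":"2014-10-23T12:17:00+13:00","HOST":"auth01","PROGRAM":"sshd",'
    '"MESSAGE":"Accepted publickey for alice from 10.0.0.5 port 51234"}',
    'this line is not JSON and must be skipped',
    '{"ISODATE":"2014-10-23T12:17:01+13:00","HOST":"auth01","PROGRAM":"sshd",'
    '"MESSAGE":"Failed password for root from 203.0.113.9 port 40100"}',
]


def main():
    for batch in batches(sys.stdin):
        post_bulk(build_bulk_body(batch))


if __name__ == "__main__":
    main()
```

Run it as the program() destination's command; to try it offline, `build_bulk_body(next(batches(SAMPLE_LINES)))` shows the exact payload that would be sent.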