Not sure if this thread is going the right way as there are several ways to accomplish the end goal of ES2 indexes. I am already using syslog-ng; the question is on filtering and tagging platforms.

syslog-ng
- Can parse streams and accomplish this in real time
- Can input directly to ES2, eliminating a 3rd stage of processing

Logstash
- Broader range of user-contributed filters
- Can also work on a stream, but not a replacement for syslog functionality
- Standardized filter, tagging platform

If you are going to use Logstash for other solutions then doesn't it make sense to use it for all?
On Apr 25, 2016, at 5:16 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi Scot,
On Wed, Apr 20, 2016 at 01:00:26PM -0400, Scot Needy wrote:
Logstash: I think I'm going to need to re-introduce Logstash just to leverage the existing open source material of Logstash filters and Kibana desktops (VMware, ASA for example), but wanted more real-time data. I could probably do the real-time tags with patterndb.
Just so you know, there actually is a grok parser in the incubator so this could help you migrate to syslog-ng.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
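As an added illustration of the syslog-ng path described in this thread (parse and tag in-stream with patterndb, then write straight to Elasticsearch 2 with no third processing stage), here is a configuration put together for this page; it is not from anyone in the thread. It assumes a patterndb rule file at /etc/syslog-ng/patterndb.d/asa.xml (not shown) that sets the tag asa.deny on ASA deny messages, and a single local Elasticsearch 2 node on port 9200.

```conf
@version: 3.7
@include "scl.conf"

# Assumed: firewalls forward syslog to this host over UDP 514.
source s_net {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# patterndb does the parsing and tagging in-stream. The rule file (assumed,
# not shown here) matches ASA deny messages, extracts fields such as source
# and destination, and sets the tag "asa.deny" on the message.
parser p_asa {
    db-parser(file("/etc/syslog-ng/patterndb.d/asa.xml"));
};

# Only messages patterndb tagged as denies are forwarded to the index;
# everything else is dropped at this stage rather than post-processed later.
filter f_asa_deny { tags("asa.deny"); };

# Direct to Elasticsearch 2 over HTTP: no Logstash stage in between.
# Assumed: one local ES2 node; ${YEAR}.${MONTH}.${DAY} yields daily indexes.
# The template emits one JSON document with the RFC 5424 fields, the
# patterndb name-value pairs and the tag list, so Kibana can filter on tags.
destination d_es2 {
    elasticsearch2(
        client-mode("http")
        cluster("elasticsearch")
        cluster-url("http://127.0.0.1:9200")
        index("asa-${YEAR}.${MONTH}.${DAY}")
        type("asa")
        template("$(format-json --scope rfc5424 --scope nv-pairs --key ISODATE --pair tags=$TAGS)\n")
    );
};

# Single pipeline: receive, parse/tag, filter on tag, index.
log {
    source(s_net);
    parser(p_asa);
    filter(f_asa_deny);
    destination(d_es2);
};
```

Run `syslog-ng --syntax-only` after dropping this in to catch option-name differences between syslog-ng versions before reloading the daemon.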