I am already using syslog-ng the question is on filtering and tagging platforms.

syslog-ng

Can parse streams and accomplish this in read time
Can input directly to es2 eliminating a 3rd stage of processing

Logstash

Broader range of user contributed filters
Can also work on a stream but not a replacement functionality for syslog.
Standardized filter, tagging platform. If you are going to use logstash for other solutions then doesn’t it make sense to use it for all.

On Apr 25, 2016, at 5:16 AM, Fabien Wernli <wernli@in2p3.fr> wrote:

Hi Scot,

On Wed, Apr 20, 2016 at 01:00:26PM -0400, Scot Needy wrote:
Logstash
I think I’m going to need to re-introduce logstash just to leverage the existing open source material of logstash filters and Kibana desktops.
VMware, ASA for example but wanted more real time data. I could probably do the realtime tags with pattendb.

Just so you know, there actually is a grok parser in the incubator
so this could help you migrate to syslog-ng.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq