Hello,

I am trying to set up syslog-ng to Elasticsearch, not using as the middleware. According to https://www.balabit.com/blog/elasticsearch-and-syslog-ng-fast-and-simple/ it is doable. However, I am not finding an example that works for my config.

I have syslog-ng version 3.11

Elasticsearch 2.4.6

All running on one machine with Ubuntu 16.04.

My syslog-ng is standard with the @include for the conf.d directory, in which I had hoped to create a working elasticsearch.conf to define how to send the logs.

Likewise I have syslog-ng-mod-elasticsearch installed.

Any help or pointing me to some examples would be great.

Thanks

Blake Pomeroy

Security Engineer

Cloud Engineering/InfoSec

EBSCO

Desk 978-356-6500 x3693

www.ebsco.com