At the moment I am focused on Winlogbeat. The latest releases of Winlogbeat don't have a streaming JSON output. This means that the JSON parser will not accept the raw data.

I will also want to use Filebeat.

I would be happy with a way for syslog-ng to consume any of the output formats of the Elastic Beats family. The list is:

Elasticsearch
Logstash
Kafka
Redis


My understanding is that Logstash is really the lumberjack protocol version 2.

I think that the only two realistic formats for consumption by syslog-ng would be Logstash or Kafka. The Elasticsearch protocol is over HTTP(S), which is not a good fit for syslog-ng input.

Evan.

On 01/10/2018 09:43 PM, Laszlo Budai wrote:
Hi,

you mean Elastic Beats? Could you share your use case in more detail (what kind of beats you would like to use, and so on)?

regards,
Laszlo Budai


From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Scot <scotrn@gmail.com>
Sent: Thursday, January 11, 2018 2:47:52 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Anyone sourcing from beats
 
Posted in thread.  

Re: Re: [syslog-ng] Syslog-ng input for beats ? [SUMMARY01]



On Wed, Jan 10, 2018 at 4:42 PM, Evan Rempel <erempel@uvic.ca> wrote:
Looking for a clean way to get beats products to send data to syslog-ng.

Does anyone have a working example?

--
Evan