Hi,

Beats can send logs either to Logstash, Elasticsearch or Kafka. I gave the protocol used with Elasticsearch a try, but it does not work unfortunately. It's a two-way protocol, so even if I got JSON sent by Beats parsed by syslog-ng, communication died quickly between the two. Finally I gave up and used Logstash between Beats and syslog-ng, just as Scot.

My blog discusses extracting original syslog messages from messages collected by filebeat: https://www.balabit.com/blog/sending-logs-logstash-syslog-ng/

Other Beats messages should work similarly and you can most likely spare some of the dark magic employed :)

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Wed, Jan 10, 2018 at 10:42 PM, Evan Rempel <erempel@uvic.ca> wrote:
Looking for a clean way to get beats products to send data to syslog-ng.
Does anyone have a working example?
-- Evan
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq