Hi,

Beats can send logs either to Logstash, Elasticsearch or Kafka. I gave the protocol used with Elasticsearch a try, but it does not work, unfortunately. It's a two-way protocol, so even if I got JSON sent by Beats parsed by syslog-ng, communication died quickly between the two. Finally I gave up and used Logstash between Beats and syslog-ng, just as Scot. My blog discusses extracting original syslog messages from messages collected by Filebeat: https://www.balabit.com/blog/sending-logs-logstash-syslog-ng/ Other Beats messages should work similarly and you can most likely spare some of the dark magic employed :)

Bye,


On Wed, Jan 10, 2018 at 10:42 PM, Evan Rempel <erempel@uvic.ca> wrote:
Looking for a clean way to get Beats products to send data to syslog-ng.

Does anyone have a working example?

--
Evan
