4 Mar
2016
4 Mar
'16
6:45 a.m.
Hi, On Thu, Mar 03, 2016 at 02:27:34PM -0800, Evan Rempel wrote:
It seems like (I have not confirmed) that when the ES destination in syslog-ng is running in client_mode("node") it seems to run as if it were a full fledged ES node. This means that the syslog-ng destination can NOT run in this mode on a system that is also running the ES code.
While your assumption that syslog-ng is running a fully fledged ES node is true, your conclusion is not. You *can* run both on the same host. On a side note, in "node" mode it would probably be possible to configure syslog-ng's ES instance to data=true, and thus make it actually store data. But I wouldn't recommend this unless it's the only process actually indexing data to ES.