Hi,

On Thu, Dec 07, 2017 at 11:00:03PM +0000, JONATHAN PRICE wrote:
> A project I'm working on is wanting to leverage syslog-ng as our log shipper, but we're ideally wanting it to communicate with Elasticsearch 5 over HTTPS or searchguard. My understanding is current support is only for HTTP for Elastic 5.

HTTPS support is merged since 3.10.1.

We're using it on an ES 5.3.2 with Searchguard. Here's our config (stripped down), FWIW:

    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/plugins/search-guard-5/*.jar:/usr/share/elasticsearch/lib/")
        client-mode(https)
        server("esnode01 esnode02 esnode03")
        java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
        java_keystore_password("changeit")
        java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
        java_truststore_password("changeme")
        http_auth_type("clientcert")
        time-zone("UTC")
        index("syslog-${YEAR}-${MONTH}-${DAY}")
        type("syslog")
        ...
    );
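
An added example, not part of the original message and not syslog-ng's own tooling: a small Python check that parses an elasticsearch2() destination like the one above and lists settings to review before deployment (a client-mode other than https, client-certificate auth without a keystore path, keystore or truststore passwords that match well-known defaults). The function names and the placeholder-password list are assumptions made for this illustration.

```python
import re

# Matches option("quoted value") or option(bareword). The enclosing
# elasticsearch2( ... ) does not match because its body holds many tokens.
OPTION_RE = re.compile(r'([A-Za-z][\w-]*)\(\s*(?:"([^"]*)"|([^\s()"]+))\s*\)')

# Assumption for this example: values treated as placeholders or defaults.
# "changeit" is the stock password of the JDK cacerts truststore.
PLACEHOLDER_PASSWORDS = {"changeit", "changeme", "password", ""}

# The destination from the message above, with a few options left out.
SAMPLE = '''
elasticsearch2(
    client-mode(https)
    server("esnode01 esnode02 esnode03")
    java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
    java_keystore_password("changeit")
    java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
    java_truststore_password("changeme")
    http_auth_type("clientcert")
    index("syslog-${YEAR}-${MONTH}-${DAY}")
);
'''


def parse_options(block):
    """Return {option: value}; syslog-ng treats '-' and '_' in names alike."""
    return {name.replace("-", "_").lower(): quoted or bare
            for name, quoted, bare in OPTION_RE.findall(block)}


def audit(block):
    """Return a list of findings for one elasticsearch2() destination."""
    opts = parse_options(block)
    findings = []
    if opts.get("client_mode") != "https":
        findings.append(f"client-mode is {opts.get('client_mode', 'unset')}, not https")
    if opts.get("http_auth_type") == "clientcert" and not opts.get("java_keystore_filepath"):
        findings.append("clientcert auth without java_keystore_filepath")
    for store in ("java_keystore", "java_truststore"):
        key = f"{store}_password"
        if key in opts and opts[key] in PLACEHOLDER_PASSWORDS:
            findings.append(f"{key} is a placeholder or default value")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```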