Hi, Somehow related to my previous e-mail: I was asked if Filebeat can send logs directly into syslog-ng. None of the network destinations of Beat are supported by syslog-ng, but I did a quick check and we can read and parse the file destination of Beat. Filebeat module functionality can be practically replaced by syslog-ng and one of its parsers. But there are quite a few other Beat applications. Question: is there a practical use case for syslog-ng reading the file output of a Beat module? Do you use it anywhere? Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik
Yes ALL beats traffic can use the same TCP port and input config. I use logstash as an aggregation point for beats endpoints then send directly to syslog-ng. Tested Filebeat Linux/Windows, winlogbeat, packetbeat and metricbeat. See my thread Re: [syslog-ng] Syslog-ng input for beats ? [SUMMARY01] On Thu, Nov 2, 2017 at 10:51 AM, Czanik, Péter <peter.czanik@balabit.com> wrote:
Hi,
Somehow related to my previous e-mail: I was asked if Filebeat can send logs directly into syslog-ng.
None of the network destinations of Beat are supported by syslog-ng, but I did a quick check and we can read and parse the file destination of Beat.
Filebeat module functionality can be practically replaced by syslog-ng and one of its parsers. But there are quite a few other Beat applications.
Question: is there a practical use case for syslog-ng reading the file output of a Beat module? Do you use it anywhere?
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Czanik, Péter
-
Scot