[syslog-ng] ELK herd to scale
Scot Needy
scotrn at gmail.com
Mon Apr 25 15:55:51 CEST 2016
Not sure if this thread is going the right way as there are several ways to accomplish the end goal of ES2 indexes.
I am already using syslog-ng; the question is on filtering and tagging platforms.

syslog-ng
- Can parse streams and accomplish this in real time
- Can input directly to ES2, eliminating a 3rd stage of processing

Logstash
- Broader range of user-contributed filters
- Can also work on a stream, but not a replacement for syslog functionality.
- Standardized filter/tagging platform. If you are going to use Logstash for other solutions, then doesn’t it make sense to use it for all?
> On Apr 25, 2016, at 5:16 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
>
> Hi Scot,
>
> On Wed, Apr 20, 2016 at 01:00:26PM -0400, Scot Needy wrote:
>> Logstash
>> I think I’m going to need to re-introduce logstash just to leverage the existing open source material of logstash filters and Kibana desktops.
>> VMware and ASA, for example, but I wanted more real-time data. I could probably do the real-time tags with patterndb.
>
> Just so you know, there actually is a grok parser in the incubator
> so this could help you migrate to syslog-ng.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
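As an added example that is not from the thread, here is a syslog-ng configuration sketching the pipeline Scot describes: patterndb classifies and tags the stream in real time, and the elasticsearch2() destination writes straight into ES2 with no Logstash stage in between. Hostnames, file paths, the cluster name and the index names are assumptions; messages patterndb cannot classify are routed to a separate index so they can be reviewed instead of disappearing.

```conf
@version: 3.7
@include "scl.conf"

# Constructed example, not from the mailing-list thread. Ports, paths,
# hostnames and index names are assumptions to adapt to your environment.
source s_net {
  network(transport("udp") port(514));                          # BSD syslog (VMware, ASA, ...)
  network(transport("tcp") port(601) flags(syslog-protocol));   # RFC 5424 over TCP
};

# patterndb does the real-time classification: each matching rule can add
# tags and name-value pairs; anything unmatched gets ${.classifier.class} = "unknown".
parser p_patterndb {
  db-parser(file("/etc/syslog-ng/patterndb.d/patterns.xml"));  # assumed path
};

filter f_classified { not match("unknown" value(".classifier.class")); };

# JSON document: RFC 5424 fields, the parsed name-value pairs and the tags.
template t_es_doc {
  template("$(format-json --scope rfc5424 --scope nv-pairs --key ISODATE --exclude DATE --key TAGS)");
};

destination d_es {
  elasticsearch2(
    client-mode("http")
    cluster("syslog-es")                              # assumed cluster name
    cluster-url("http://es01.example.net:9200")       # assumed endpoint
    index("syslog-${YEAR}.${MONTH}.${DAY}")
    type("syslog")
    template(t_es_doc)
    flush-limit(100)
  );
};

destination d_es_unparsed {
  elasticsearch2(
    client-mode("http")
    cluster("syslog-es")
    cluster-url("http://es01.example.net:9200")
    index("syslog-unparsed-${YEAR}.${MONTH}.${DAY}")   # review queue for new pattern work
    type("syslog")
    template(t_es_doc)
  );
};

log {
  source(s_net);
  parser(p_patterndb);
  log { filter(f_classified); destination(d_es); flags(final); };
  log { destination(d_es_unparsed); };   # only reached when the filter above did not match
};
```

Checking the size of the syslog-unparsed-* indexes over time shows how much of the stream the pattern database actually covers.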