[syslog-ng] ELK herd to scale

Scot Needy scotrn at gmail.com
Mon Apr 25 15:55:51 CEST 2016


Not sure if this thread is going the right way as there are several ways to accomplish the end goal of ES2 indexes. 

I am already using syslog-ng the question is on filtering and tagging platforms. 

syslog-ng 
Can parse streams and accomplish this in real time
Can input directly to es2 eliminating a 3rd stage of processing
Logstash 
Broader range of user contributed filters 
Can also work on a stream but not a replacement functionality for syslog. 
Standardized filter, tagging platform. If you are going to use logstash for other solutions then doesn’t it make sense to use it for all. 



> On Apr 25, 2016, at 5:16 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> 
> Hi Scot,
> 
> On Wed, Apr 20, 2016 at 01:00:26PM -0400, Scot Needy wrote:
>> Logstash
>> I think I’m going to need to re-introduce logstash just to leverage the existing open source material of logstash filters and Kibana desktops. 
>> VMware, ASA for example but wanted more real time data. I could probably do the realtime tags with patterndb. 
> 
> Just so you know, there actually is a grok parser in the incubator
> so this could help you migrate to syslog-ng.
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 
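The syslog-ng side of the comparison above, written out as a constructed configuration (added here, not part of the original thread or the syslog-ng project): patterndb classification and per-platform tagging happen in the syslog-ng pipeline itself, and the elasticsearch2() destination writes straight into Elasticsearch, which removes the separate Logstash stage the thread discusses. The hostname globs, the patterndb file path, the cluster URL and the index name are all assumptions; the syntax targets the syslog-ng 3.7 era in which the elasticsearch2() destination was current.

```conf
@version: 3.7
@include "scl.conf"

# Constructed example: receive syslog over the network, classify it with
# patterndb, tag it by platform and ship it directly to Elasticsearch.
source s_net {
    network(transport("udp") port(514));
};

# Hypothetical pattern database; its rules attach tags (for example
# "asa.deny") to the messages they recognise, in real time as they stream in.
parser p_patterndb {
    db-parser(file("/etc/syslog-ng/patterndb.d/asa.xml"));
};

# Platform tags derived from the sending hostname (hostname patterns assumed).
rewrite r_platform {
    set-tag("platform.asa")    condition(host("fw-*"  type(glob)));
    set-tag("platform.vmware") condition(host("esx*"  type(glob)));
};

# db-parser() tags anything it cannot classify with .classifier.class.unknown;
# those messages are kept aside so new patterns can be written for them.
filter f_unclassified { tags(".classifier.class.unknown"); };

destination d_es {
    elasticsearch2(
        client-mode("http")
        cluster("elasticsearch")
        cluster-url("http://es.example.internal:9200")   # assumed cluster
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")       # one index per day
        type("syslog")
        flush-limit(1000)
        # Send the parsed fields plus the tag list so Kibana can filter on them.
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE --key TAGS)")
    );
};

destination d_unclassified {
    file("/var/log/syslog-ng/unclassified.log");
};

# Everything goes to Elasticsearch, tagged.
log {
    source(s_net);
    parser(p_patterndb);
    rewrite(r_platform);
    destination(d_es);
};

# Unclassified messages are additionally written to a review file.
log {
    source(s_net);
    parser(p_patterndb);
    filter(f_unclassified);
    destination(d_unclassified);
};
```

Run `syslog-ng --syntax-only -f <file>` before reloading to catch configuration errors; the elasticsearch2() destination needs the Java module and an Elasticsearch client library on the host, which this fragment assumes are installed.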
