[syslog-ng] syslog-ng 3.7.2 + ES 2.2.0
Fabien Wernli
wernli at in2p3.fr
Fri Mar 4 06:45:39 CET 2016
Hi,
On Thu, Mar 03, 2016 at 02:27:34PM -0800, Evan Rempel wrote:
> It seems like (I have not confirmed) that when the ES destination in
> syslog-ng is running in client_mode("node") it seems to run as if it
> were a full fledged ES node. This means that the syslog-ng destination
> can NOT run in this mode on a system that is also running the ES code.
While your assumption that syslog-ng is running a fully fledged ES node is
true, your conclusion is not. You *can* run both on the same host.
On a side note, in "node" mode it would probably be possible to configure
syslog-ng's ES instance to data=true, and thus make it actually store data.
But I wouldn't recommend this unless it's the only process actually indexing
data to ES.
More information about the syslog-ng
mailing list