[syslog-ng] syslog-ng 3.7.2 + ES 2.2.0

Evan Rempel erempel at uvic.ca
Fri Mar 4 23:24:17 CET 2016


On 03/03/2016 09:45 PM, Fabien Wernli wrote:
> Hi,
>
> On Thu, Mar 03, 2016 at 02:27:34PM -0800, Evan Rempel wrote:
>> It seems like (I have not confirmed) that when the ES destination in
>> syslog-ng is running in client_mode("node") it seems to run as if it
>> were a full fledged ES node. This means that the syslog-ng destination
>> can NOT run in this mode on a system that is also running the ES code.
> While your assumption that syslog-ng is running a fully fledged ES node is
> true, your conclusion is not. You *can* run both on the same host.

I interpret your statement as "you can run both *functions* on the same
host", meaning that a host running syslog-ng and a syslog-ng instantiated
ES node can ingest, index and store the ES documents.

What I was stating was that you could not have an ES instance started by
/sbin/service elasticsearch start
AND one started by syslog-ng as a syslog-ng destination because that is
effectively running two ES instances on one host (perhaps this can be done
with different ports/IPs?)

Correct me if I misunderstand. I'm still quite new to this.

Evan.

> On a side note, in "node" mode it would probably be possible to configure
> syslog-ng's ES instance to data=true, and thus make it actually store data.
> But I wouldn't recommend this unless it's the only process actually indexing
> data to ES.
>
>


