[syslog-ng] Elastic Search destination with x-pack

Scot Needy scotrn at gmail.com
Wed Oct 5 15:39:28 UTC 2016


I know it's not officially supported. This is a test system at home running CentOS7, syslog-ng 3.8 from repo and the latest 5.0 ES Stack.

Everything works fine without x-pack using the http client-mode, but x-pack does not appear to be Shield.
https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges

Just trying to prepare for when the ES5 stack is GA. 


> On Oct 5, 2016, at 3:34 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
> 
> Hi Scot,
> 
> On Wed, Oct 05, 2016 at 02:40:44AM -0400, Scot Needy wrote:
>> Installed the x-pack to secure my ES instance and Kibana but noticed there do not seem to be any docs on how to handle ES authentication from syslog-ng.conf.
> 
> I think you're looking for `client-mode(shield)` as stated later in the
> documentation [1].
> 
> FWIW I successfully tested it some time ago.
> 
> Cheers
> 
> --
> [1]
> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/destination-elasticsearch2-client-modes.html
