[syslog-ng] Convert logstash filters to syslog-ng
C. L. Martinez
carlopmart at gmail.com
Mon Apr 24 13:42:43 UTC 2017

Hi all,
I would like to drop the Logstash collector from our ELK infrastructure and use syslog-ng instead. This ELK infrastructure collects, reports and shows dashboards about security devices: firewalls, anti-spam devices, etc.
Most of these logs arrive from rsyslog collectors (deployed in several Linux and BSD machines). I have seen in Balabit's blog page how this could be done: https://www.balabit.com/blog/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/ and https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/.
 The most important point here is to test all configured logstash filters inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips or tricks to accomplish this type of change?
Many thanks.
-- 
Greetings,
C. L. Martinez
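As an added illustration of the conversion asked about above (editor's example, not part of the original post or of any project configuration), the following syslog-ng configuration reproduces the two Logstash filter types the question names, a GeoIP lookup and a string substitution, and writes the result as JSON to a local file so each converted filter can be checked field by field before an Elasticsearch destination is switched on. It assumes syslog-ng 3.10 or later (for the geoip2 parser), a GeoLite2 City database at the path shown, and firewall messages in key=value form containing a `src=<ip>` pair; the `fw.` prefix and the `fw-test.json` path are constructed names.

```conf
@version: 3.10
@include "scl.conf"

# Receive the events the rsyslog collectors forward (constructed port/transport).
source s_rsyslog {
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Split "key=value" firewall messages into name-value pairs under the
# hypothetical "fw." prefix, e.g. "src=203.0.113.5" becomes ${fw.src}.
parser p_kv {
    kv-parser(prefix("fw."));
};

# Equivalent of a Logstash "geoip" filter: enrich on the source address.
# Results land under ${geoip.country.iso_code}, ${geoip.location.latitude}, ...
parser p_geoip {
    geoip2("${fw.src}"
           prefix("geoip.")
           database("/usr/share/GeoIP/GeoLite2-City.mmdb"));
};

# Equivalent of a Logstash "mutate { gsub => ... }" filter plus a field copy.
rewrite r_normalize {
    subst("action=DROP", "action=deny", value("MESSAGE") flags("global"));
    set("${geoip.country.iso_code}", value("fw.geo_country"));
};

# Test destination: one JSON document per line, carrying the standard
# syslog fields plus every fw.* and geoip.* pair, for diffing against
# what the old Logstash pipeline produced for the same input.
destination d_test_json {
    file("/var/log/syslog-ng/fw-test.json"
         template("$(format-json --scope rfc5424 --key ISODATE --key fw.* --key geoip.*)\n"));
};

log {
    source(s_rsyslog);
    parser(p_kv);
    parser(p_geoip);
    rewrite(r_normalize);
    destination(d_test_json);
};
```

Run `syslog-ng --syntax-only` after editing to catch configuration errors before reloading; once the JSON file matches the expected Logstash output, the file destination can be replaced by an Elasticsearch one with the same template.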