[syslog-ng] Convert logstash filters to syslog-ng

C. L. Martinez carlopmart at gmail.com
Mon Apr 24 13:42:43 UTC 2017

Hi all,

 I would like to drop Logstash collector from our ELK infrastructure and use syslog-ng instead. This ELK infrastructure collects, report and show dashboards about security devices: firewalls, anti-spam devices, etc.

 Most of these logs arrives from rsyslog collectors (deployed in several linux and BSD machines). I have seen in Balabit's blog page how this could be done: https://www.balabit.com/blog/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/ and https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/.

 The most important point here is to test all configured logstash filters inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips or tricks to accomplish this type of change?

Many thanks.

C. L. Martinez

More information about the syslog-ng mailing list