[syslog-ng] Convert logstash filters to syslog-ng

Fabien Wernli wernli at in2p3.fr
Mon Apr 24 21:41:28 UTC 2017


On Mon, Apr 24, 2017 at 01:42:43PM +0000, C. L. Martinez wrote:
>  The most important point here is to test all configured logstash filters inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips or tricks to accomplish this type of change?

If you have a lot of grok patterns, you might want to look at the grok
parser in syslog-ng-incubator, which will let you use your existing rules
out of the box.

In the long term you will probably want to convert them to patterndb rules,
the documentation of which is very complete.

