[syslog-ng] Convert logstash filters to syslog-ng

Czanik, P├ęter peter.czanik at balabit.com
Wed Apr 26 07:47:00 UTC 2017


Could you share your Logstash configuration with us? (At least the part
which can be anonimized) I don't have much Logstash experience, but can
help you figuring out which are the corresponding syslog-ng features. In
the end it could be used as a Logstash to syslog-ng guide.


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream

On Mon, Apr 24, 2017 at 3:42 PM, C. L. Martinez <carlopmart at gmail.com>

> Hi all,
>  I would like to drop Logstash collector from our ELK infrastructure and
> use syslog-ng instead. This ELK infrastructure collects, report and show
> dashboards about security devices: firewalls, anti-spam devices, etc.
>  Most of these logs arrives from rsyslog collectors (deployed in several
> linux and BSD machines). I have seen in Balabit's blog page how this could
> be done: https://www.balabit.com/blog/how-to-parse-data-with-syslog-
> ng-store-in-elasticsearch-and-analyze-with-kibana/ and
> https://www.balabit.com/blog/collecting-and-parsing-
> suricata-logs-using-syslog-ng/.
>  The most important point here is to test all configured logstash filters
> inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips
> or tricks to accomplish this type of change?
> Many thanks.
> --
> Greetings,
> C. L. Martinez
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170426/f385fa3e/attachment.html>

More information about the syslog-ng mailing list