[syslog-ng] Convert logstash filters to syslog-ng
peter.czanik at balabit.com
Wed Apr 26 07:47:00 UTC 2017
Could you share your Logstash configuration with us? (At least the part
which can be anonimized) I don't have much Logstash experience, but can
help you figuring out which are the corresponding syslog-ng features. In
the end it could be used as a Logstash to syslog-ng guide.
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
On Mon, Apr 24, 2017 at 3:42 PM, C. L. Martinez <carlopmart at gmail.com>
> Hi all,
> I would like to drop Logstash collector from our ELK infrastructure and
> use syslog-ng instead. This ELK infrastructure collects, report and show
> dashboards about security devices: firewalls, anti-spam devices, etc.
> Most of these logs arrives from rsyslog collectors (deployed in several
> linux and BSD machines). I have seen in Balabit's blog page how this could
> be done: https://www.balabit.com/blog/how-to-parse-data-with-syslog-
> ng-store-in-elasticsearch-and-analyze-with-kibana/ and
> The most important point here is to test all configured logstash filters
> inside syslog-ng: GeoIP patterns, some substitution params, etc. Any tips
> or tricks to accomplish this type of change?
> Many thanks.
> C. L. Martinez
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the syslog-ng