[syslog-ng] Elastic 5 Support For More Than HTTP?
Fabien Wernli
wernli at in2p3.fr
Fri Dec 8 08:23:32 UTC 2017
Hi,
On Thu, Dec 07, 2017 at 11:00:03PM +0000, JONATHAN PRICE wrote:
> A project I'm working on is wanting to leverage syslog-ng as our log
> shipper, but we're ideally wanting it to communicate with Elasticsearch
> 5 over HTTPS or searchguard. My understanding is current support is
> only for HTTP for Elastic 5.
HTTPS support has been merged since 3.10.1.
We're using it on ES 5.3.2 with Searchguard.
Here's our config (stripped down), FWIW:

    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/plugins/search-guard-5/*.jar:/usr/share/elasticsearch/lib/")
        client-mode(https)
        server("esnode01 esnode02 esnode03")
        # keystore: certificate syslog-ng presents to authenticate to Elasticsearch
        java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
        java_keystore_password("changeit")
        # truststore: CA certificates used to validate the Elasticsearch server certificate
        java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
        java_truststore_password("changeme")
        http_auth_type("clientcert")
        time-zone("UTC")
        index("syslog-${YEAR}-${MONTH}-${DAY}")
        type("syslog")
        ...
    );