[syslog-ng] Elastic 5 Support For More Than HTTP?

Fabien Wernli wernli at in2p3.fr
Fri Dec 8 08:23:32 UTC 2017


Hi,

On Thu, Dec 07, 2017 at 11:00:03PM +0000, JONATHAN PRICE wrote:
> A project I'm working on is wanting to leverage syslog-ng as our log 
> shipper, but we're ideally wanting it to communicate with Elasticsearch 
> 5 over HTTPS or searchguard.  My understanding is current support is 
> only for HTTP for Elastic 5.

HTTPS support has been merged since 3.10.1.
We're using it on an ES 5.3.2 with Searchguard.

Here's our config (stripped down), FWIW:

elasticsearch2(
  client-lib-dir("/usr/share/elasticsearch/plugins/search-guard-5/*.jar:/usr/share/elasticsearch/lib/")
  client-mode(https)
  server("esnode01 esnode02 esnode03")
  java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
  java_keystore_password("changeit")
  java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
  java_truststore_password("changeme")
  http_auth_type("clientcert")
  time-zone("UTC")
  index("syslog-${YEAR}-${MONTH}-${DAY}")
  type("syslog")
  ...
);
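
Added example (not part of the original message, and not syslog-ng project code): a pre-deployment check for an elasticsearch2() block like the one above, which carries keystore passwords inline. The function names, the placeholder-password list and the sample config are assumptions made for this illustration; the parser handles only full-line comments and strings without escaped quotes.

```python
import os
import re
# Constructed sample; option names are the ones used in the message above.
SAMPLE = """
destination d_es { elasticsearch2(
    client-mode(https)
    java_keystore_filepath("/etc/syslog-ng/keystore.jks")
    java_keystore_password("changeit")
    java-truststore-password("S3par(ate)-secret")
    http_auth_type("clientcert")
); };
"""
# Assumed placeholder list; "changeit" is the JDK's default keystore password.
WEAK_PASSWORDS = {"", "changeit", "changeme", "password"}
OPTION = re.compile(r'([A-Za-z][\w-]*)\s*\(\s*(?:"([^"]*)"|([^()"\s]+))\s*\)')

def parse_elasticsearch2(conf):
    """Return {option: value} for the first elasticsearch2() block."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop full-line comments
    start = conf.find("elasticsearch2(")
    if start < 0:
        return {}
    open_idx = start + len("elasticsearch2")
    depth, in_str, end = 0, False, len(conf)
    for i, ch in enumerate(conf[open_idx:], open_idx):  # find the matching ")"
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            depth += (ch == "(") - (ch == ")")
            if depth == 0:
                end = i
                break
    # syslog-ng accepts "-" and "_" interchangeably in option names.
    return {m[1].replace("-", "_").lower(): m[2] if m[2] is not None else m[3]
            for m in OPTION.finditer(conf[open_idx + 1:end])}

def audit(conf, path=None):
    """Return findings for the elasticsearch2() block in conf (file at path)."""
    opts = parse_elasticsearch2(conf)
    secrets = {k: v for k, v in opts.items() if k.endswith("_password")}
    findings = [f"{k} is a placeholder password" for k, v in secrets.items()
                if v.lower() in WEAK_PASSWORDS]
    if opts.get("client_mode") != "https":
        findings.append("client-mode is not https")
    if opts.get("http_auth_type") == "clientcert" and "java_keystore_filepath" not in opts:
        findings.append("clientcert auth without java_keystore_filepath")
    if path and secrets and os.stat(path).st_mode & 0o077:
        findings.append("config with inline passwords is group/world accessible")
    return findings
```

Call audit() with the config text and, optionally, the path it was read from so the file-mode check runs as well.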


