[syslog-ng] Beat to syslog-ng
Scot
scotrn at gmail.com
Tue Nov 7 14:29:23 UTC 2017
Yes ALL beats traffic can use the same TCP port and input config. I use
logstash as an aggregation point for beats endpoints then send directly to
syslog-ng.
Tested Filebeat Linux/Windows, winlogbeat, packetbeat and metricbeat.
See my thread Re: [syslog-ng] Syslog-ng input for beats ? [SUMMARY01]
On Thu, Nov 2, 2017 at 10:51 AM, Czanik, Péter <peter.czanik at balabit.com>
wrote:
> Hi,
>
> Somehow related to my previous e-mail: I was asked if Filebeat can send
> logs directly into syslog-ng.
>
> None of the network destinations of Beat are supported by syslog-ng, but I
> did a quick check and we can read and parse the file destination of Beat.
>
> Filebeat module functionality can be practically replaced by syslog-ng and
> one of its parsers. But there are quite a few other Beat applications.
>
> Question: is there a practical use case for syslog-ng reading the file
> output of a Beat module? Do you use it anywhere?
>
> Bye,
>
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> https://www.balabit.com/blog/author/peterczanik/
> https://twitter.com/PCzanik
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171107/1976a5b9/attachment.html>
More information about the syslog-ng
mailing list