[syslog-ng] Anyone sourcing from beats

Czanik, Péter peter.czanik at balabit.com
Thu Jan 11 08:40:17 UTC 2018


Hi,

Beats can send logs to Logstash, Elasticsearch or Kafka. I gave the
protocol used with Elasticsearch a try, but it does not work, unfortunately.
It's a two-way protocol, so even if I got JSON sent by Beats parsed by
syslog-ng, communication died quickly between the two. Finally I gave up
and used Logstash between Beats and syslog-ng, just as Scot. My blog
discusses extracting original syslog messages from messages collected by
filebeat: https://www.balabit.com/blog/sending-logs-logstash-syslog-ng/
Other Beats messages should work similarly and you can most likely spare
some of the dark magic employed :)

Bye,

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Wed, Jan 10, 2018 at 10:42 PM, Evan Rempel <erempel at uvic.ca> wrote:

> Looking for a clean way to get beats products to send data to syslog-ng.
>
> Does anyone have a working example?
>
> --
> Evan