[syslog-ng] Anyone sourcing from beats

Evan Rempel erempel at uvic.ca
Thu Jan 11 17:23:41 UTC 2018


At the moment I am focused on winlogbeats. The latest releases of winlogbeats don't have a streaming json output. This means that the json parser will not accept the raw data.

I will also want to use filebeat as well.

I would be happy with a way for syslog-ng to consume any of the output formats of the Elastic Beats family. The list is:

Elasticsearch
Logstash
Kafka
Redis


My understanding is that Logstash is really the lumberjack protocol version 2.

I think that the only 2 realistic formats for consumption by syslog-ng would be Logstash or Kafka. The Elasticsearch protocol is over http(s) which is not a good fit for syslog-ng input.

Evan.

On 01/10/2018 09:43 PM, Laszlo Budai wrote:
> Hi,
>
> you mean Elastic Beats? Could you share your use case in more detail (what kind of beats you would like to use, and so on)?
>
> regards,
> Laszlo Budai
>
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Scot <scotrn at gmail.com>
> *Sent:* Thursday, January 11, 2018 2:47:52 AM
> *To:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Anyone sourcing from beats
> Posted in thread.
>
>
>     Re: Re: [syslog-ng] Syslog-ng input for beats? [SUMMARY01]
>
>
>
> On Wed, Jan 10, 2018 at 4:42 PM, Evan Rempel <erempel at uvic.ca> wrote:
>
>     Looking for a clean way to get beats products to send data to syslog-ng.
>
>     Does anyone have a working example?
>
>     -- 
>     Evan
>
