An ELK Design Question


We are planning to set up an ELK infrastructure with a central log server. For the moment the design is the following:

Rsyslog (external Server) --> Syslog (Logserver) --> Logstash-Agent --> Redis --> Indexer --> Elasticsearch --> Web Interface

We discussed the possibility of using Logstash shippers on the servers (Linux, Riverbed etc.) to log directly to Redis. The problem is that we have some switches where we can only use rsyslog for logging, because they can't install a shipper. And it seems very unsound to use two different systems.

So my question:

Is there a possibility of logging directly from rsyslog to Redis? Any other recommendations?

Thank you for answers, YK

(Mark Walkom) #2

Why not just use the syslog input for Logstash and then put that directly into redis?
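The setup Mark describes, written out as an added example (not configuration from the thread): the switches and the rsyslog hosts forward to a Logstash instance whose `syslog` input listens on an unprivileged port, and that instance pushes everything to a Redis list that the indexer consumes. The hostnames, the port 5514 and the list key `logstash` are assumptions.

```conf
# --- rsyslog on each Linux host / the switches (constructed example) ---
# Forward everything over TCP (@@) to the Logstash syslog input on port 5514.
# *.* @@logserver.example.internal:5514

# --- Logstash "shipper" pipeline on the log server ---
input {
  syslog {
    host => "0.0.0.0"
    port => 5514          # >1024 so Logstash does not need root to bind
    type => "syslog"
  }
}

filter {
  # The syslog input parses RFC3164 lines; anything it cannot parse keeps
  # its raw message and is tagged, so it is not silently lost downstream.
  if "_grokparsefailure_sysloginput" in [tags] {
    mutate { add_field => { "parse_status" => "unparsed_syslog" } }
  }
}

output {
  redis {
    host      => "redis.example.internal"
    data_type => "list"
    key       => "logstash"
  }
}

# --- Logstash "indexer" pipeline (reads the same list, writes to ES) ---
# input  { redis { host => "redis.example.internal" data_type => "list" key => "logstash" } }
# output { elasticsearch { hosts => ["es.example.internal:9200"] } }
```

With this layout only one transport (syslog) reaches the devices that cannot run a shipper, and the Logstash-capable hosts can still forward through rsyslog, so the pipeline does not need two different shipping mechanisms.
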

(system) #3