What is the difference between using the syslog and the tcp inputs when dealing with logs?
After reading the 5.6/plugins-inputs-syslog and 5.6/plugins-inputs-tcp pages, I can't guess the pros / cons of each plugin. I also checked the 6.0 docs to see if syslog was deprecated but it doesn't seem to be.
The syslog input listens for both UDP and TCP packets and parses most syslog inputs out of the box so that few or no additional filters are needed. The tcp input only does TCP and leaves the syslog parsing to other plugins.
I've tried both to check, sending them data in RFC-5424 and RFC-3164.
I have managed to do more things using the tcp input than the syslog.
Not sure if that's expected. It seemed the syslog input didn't like getting various formats.
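What "leaving the syslog parsing to other plugins" looks like in a pipeline, as an added example that is not part of the original thread: tcp and udp inputs followed by a grok filter that tries the RFC 5424 pattern first and falls back to RFC 3164. The port number, the `syslog_pri` field name and the `_syslog_unparsed` tag are assumptions chosen for illustration.

```logstash
# Added example (not from the thread). Port 5514 and the tag name are assumptions.
input {
  # Both inputs hand each received line over unparsed in the "message" field.
  tcp { port => 5514 type => "syslog" }
  udp { port => 5514 type => "syslog" }
}

filter {
  if [type] == "syslog" {
    grok {
      # Patterns are tried in order and the first match wins.
      # RFC 5424 lines start with "<PRI>VERSION ", RFC 3164 lines with "<PRI>Mmm dd".
      match => {
        "message" => [
          "%{SYSLOG5424LINE}",
          "<%{POSINT:syslog_pri}>%{SYSLOGLINE}"
        ]
      }
      # SYSLOGLINE captures into "message"; overwrite it instead of appending.
      overwrite => ["message"]
      # Keep lines that match neither format visible instead of losing them silently.
      tag_on_failure => ["_syslog_unparsed"]
    }

    if [syslog5424_pri] {
      # RFC 5424 branch: decode facility/severity and use the ISO 8601 timestamp.
      syslog_pri { syslog_pri_field_name => "syslog5424_pri" }
      date { match => ["syslog5424_ts", "ISO8601"] }
    } else if [syslog_pri] {
      # RFC 3164 branch: timestamp has no year and a space-padded day.
      syslog_pri { }
      date { match => ["timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"] }
    }
  }
}

output {
  # Print parsed events so the two formats can be compared side by side.
  stdout { codec => rubydebug }
}
```

Events tagged `_syslog_unparsed` are the ones worth reviewing when a sender emits a format neither pattern covers.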