I need to implement internal DNS logging and I'm trying to determine which is better filebeat or packetbeat. This is a Windows DNS server and the logs can be written to a local file which we can read with filebeat or we can have packetbeat read the incoming DNS requests.
I'm curious as to what others have seen in regards to performance on the host, number and size of these logs, any missed logs or if there is another metric that can be used to compare the two.
I'd go with packetbeat because it's created, by design, with that purpose in mind. Then you can always connect Filebeat later if you also need to parse logs to get some extra information.
Performance must be similar because the "underlying engine" is the same.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.