We've recently been asked to ship a portion of our logs to a client at their datacenter. We are currently using the syslog output module to send logs from logstash to another internal device at the end of our pipeline.
I'm thinking that the easiest way to get the logs to this 3rd party may be to use the syslog output module to send them the requested logs but I have a couple of questions about this.
is it possible to encrypt the transfer of these logs using the syslog output module?
if we lose network connectivity to the destination syslog host, can we trust the syslog output module to queue these logs and if so for how long?
is there a better way to do this?