Is this a valid setup for syslog, redis, logstash, elasticsearch, kibana?

Hi all,
I'd appreciate some input regarding my proposed setup. I'm pretty new to all of these products so I might have the wrong mindset. Please see the attached image.

Many thanks

I think it looks pretty reasonable. Any particular reason you want syslog-ng to receive the messages before handing them off to the shipper instance? How do the shippers decide which Redis instance to connect to?

Thanks Magnus
Hmm, didn't actually think about skipping syslog-ng altogether?! So you mean logstash can receive directly from the clients' syslog?
Regarding which redis I think I read somewhere you could configure the output to redis to be redundant?

Hmm, didn't actually think about skipping syslog-ng altogether?! So you mean logstash can receive directly from the clients' syslog?

Sure, Logstash has a syslog input.

Regarding which redis I think I read somewhere you could configure the output to redis to be redundant?

Oh, right. Yes, that's fine.

Aha, so I can just set up a syslog input and use the host and port instead of a file param to set up a listener?

Like this, I guess:

input {
  # Listen for syslog messages from clients over UDP
  udp {
    port => 514
    type => "syslog"
  }
}

Thanks :smiley:
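
A shipper configuration for the setup discussed in this thread, as an added example that is not part of any post above: it uses the syslog input Magnus mentions (which listens on both TCP and UDP and parses the syslog line, unlike a bare udp input) and a redis output with two hosts for redundancy. The Redis host names, the list key and port 5514 are assumptions chosen for illustration.

```logstash
# Shipper instance: receive syslog from clients, queue events in Redis.
input {
  syslog {
    # Assumption: an unprivileged port, so Logstash does not need to run
    # as root. Binding to 514 requires root or a port redirect.
    port => 5514
    type => "syslog"
  }
}

output {
  redis {
    # Hypothetical host names. With a list of hosts the output connects
    # to one of them and moves to another if the connection fails.
    host => ["redis1.example.internal", "redis2.example.internal"]
    shuffle_hosts => true
    port => 6379
    # Events are pushed onto a Redis list; the indexer instance reads
    # the same key with a redis input.
    data_type => "list"
    key => "logstash"
  }
}
```

Because the listener accepts unauthenticated syslog, restrict the port to the client networks with a firewall rule.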