Parse syslog-ng log to elasticsearch

Hi All,
Iam glad to join this group.
Basically i'm in the midst of setting up POC for centralize log collection and analyse the log.
Following is my setup on RHEL 7.6.
Syslog-ng-collect log from remote clients
Elasticsearch
Kibana
Need your help to provide sample config file to parse syslog-ng log to elasticsearch and create index pattern,really appreciate your help.

Thanks

Hi,

The syslog-ng blog has regular posts about using syslog-ng with elastic. This post is about setting up Elastic 7 and receive logs from syslog-ng.

Hi @ravipemmasani,

the system module included in filebeat also consumes the syslog.

If running a lightweight shipper like filebeat on the edge system is not an option, there is also the syslog input in filebeat, which can receive remote syslog events via UDP or TCP.

The advantage with both of these would be that filebeat manages most of the index mapping for you if you let it ship the data directly to Elasticsearch.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.