I am just starting out with ELK and have a question that I can't seem to find an answer to. This is my first post, so I hope this is the right spot to ask. I've looked at the Logstash Book by James Turnbull and searched here and on Google, but I am still unable to find the answer to this: how do I get syslog messages into Redis?
In the Logstash Book, it explains how to add the syslog input to the Logstash central.conf file, but from my understanding that's not going through Redis. Is this correct? Wouldn't you want syslog messages to go through a broker instead of directly to the Logstash Indexer? If not, what's the best practice method for handling syslog messages?
One of my goals with this project is to get our Cisco devices or any other device that has to use syslog to ship messages to the Logstash Indexer. Maybe Redis is not the route to go, but most of my research suggests that there be some sort of broker (Redis, RabbitMQ, Kafka) in between the shipper and Indexer.
Any help or suggestions on this topic will be much appreciated. Thanks for your time.