Pull instead of push

Is there a specific beat, or a way anyone knows, where I can have my ELK server pull data from a syslog server, instead of having to install a beat on my syslog server and pushing the data to my ELK server? I do not know if this is even possible, but if anyone knows of a way I would really appreciate it.

Hi, @Dalton_Culp
I don't think it is a good idea to pull data from a Syslog server, and AFAIK the Syslog server doesn't provide such a feature.

Instead of pulling by using beats, you may still use syslog with the Omelasticsearch output (http://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html) to send data from ES, or with the OmKafka output (http://www.rsyslog.com/doc/master/configuration/modules/omkafka.html) for data safety.

Another option is to use Logstash with the syslog input. Here is a good article you may look at: https://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04

1 Like

What if I map to that drive? @medcl1

@Dalton_Culp did you mean to map that disk, like the NFS way, and read logs locally?
