Rsyslog and Logstash production setup

davideagle · August 4, 2016, 10:44am

I am new to ELK stack and I was hoping someone could answer a short question regarding architecture. I'm exploring the possibility of shipping syslog from multiple servers (to start with in the tens) to elasticsearch. would one set up logstash on each node and have each node responsible for shipping the logs to elastic or would you set up a single central rsyslog server, collecting from the others that runs logstash and have that ship the logs?

Which way would you choose and why?

warkolm · August 5, 2016, 12:29am

Not the first one, I'd use filebeat instead.
Your second option is also viable.

davideagle · August 5, 2016, 9:51am

Is there any particular reason for why you would not make the server responsible for generating the logs ship them to elasticsearch?

warkolm · August 5, 2016, 12:00pm

You could do that.

Topic		Replies	Views
Can't get rsyslog+ELK working Logstash	4	1683	July 6, 2017
A ELK-Design Question Elasticsearch	2	713	July 5, 2017
Logstash on app server or on ELK server? Logstash	4	1515	July 6, 2017
Simple Central log monitoring with ELK Logstash	21	2710	September 13, 2021
How can I send syslogs to ELK Cloud with rsyslog? Logstash	5	376	September 13, 2019

Rsyslog and Logstash production setup

Related topics