Rsyslog vs Filebeat (or Logstash)?


I am wondering which product is better for lower system resource usage and service stability.

As you see below, there are SYSLOG generators and Rsyslogd. Rsyslog receives the logs from multiple source generators (via TCP) and stores them in disk storage. Then Logstash reads, filters and sends them to Elasticsearch.

SYSLOG generator(app servers) --> Rsyslog to write SYSLOG into disk storage --> Logstash reads SYSLOG from the disk storage --> Elasticsearch

Recently I have been observing abnormally high CPU/memory usage with Rsyslogd. In most cases Rsyslog was restarted automatically when it died due to Out of Memory, but sometimes the VM itself hung, which required a manual restart.

I am planning to add CPU/memory to the Rsyslog servers, but I am also considering replacing it with Filebeat (or Logstash).

Rsyslog's role is just receiving SYSLOG from those generators, then storing it in disk storage.

In my case, is Filebeat or Logstash the better option from a system resource / service stability perspective?

Please advise. Thank you!
