Hi,
I have in machine logstash and elasticsearch installed and I have in other server configured syslog-ng to collect logs.
How I can use logstash to connect syslog-ng server to get logs and parse data locally to elasticsearch?
I have to install something on the machine with logstash? And what I have to do in syslog-ng server?
Thanks for help.
Logstash can receive syslog messages via the udp, tcp, or syslog input plugins. You can use them to receive messages from servers running syslog-ng. Another option is to run Logstash or Filebeat on the syslog hosts and use Logstash/Filebeat to ship the logs to the central Logstash instance.
Hi,
Starting from version 3.7, syslog-ng, you can send log messages directly to Elasticsearch, without having to involve Logstash.
But first, I need to use Logstash to parse message because it has irregular format.
So, I will have logstash in local machine and syslog-ng server. What I need to configure to ship data between machines?
syslog-ng can also parse messages
I have logtash on server1 and syslog-ng on server 2. I have configured syslogng conf to send logs to server1 on port 514. tcp
but how do i check whether the logtash on server1 is receiving those logs. in my case it seems it is not receiving . i tried with blank input also . can you let em know hat exactly i am misisng here
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.