I am trying to understand which architecture is better for me. I have a few hundreds of instances that I want to send their logs to one central server.
Should I got with A (run rsyslog on the central server to collect the logs and pass them into logstash) OR should I go with B (all logs will go directly into logstash from the rsyslog clients)?
If you have any other tips about my architecture, I would love to hear.
BTW- I rather not use Beats, because I already have rsyslog installed