On Fri, 1 Jun 2018, 06:09 Predrag Punosevac, <[email protected]> wrote:
> Hi Misc,
>
> I am revisiting the idea of storing log files in Elasticsearch DB for
> quick search, analytics, and visualization (Kibana). I would like to
> keep my current OpenBSD syslog-ng centralized logging server and just
> write logs into ElasticsearchDB instead of flat files. Looks like
> Elasticsearch runs happily on OpenBSD
>
> http://openports.se/textproc/elasticsearch
>
> just like Kibana
>
> http://openports.se/www/kibana
>
> I was wondering if the syslog-ng version in ports 3.12.1 (the latest
> release seems to be 3.15.1) supports the Java plugin needed to send logs
> from syslog-ng to Elasticsearch. It looks like 3.12.1 is a high enough
> version to support syslog-ng-incubator, which was not the case last
> time
>
> https://marc.info/?l=openbsd-misc&m=143249546020820&w=2
>
> However I don't see incubator in ports
>
> https://github.com/balabit/syslog-ng-incubator
>
> To be frank, by looking quickly through the incubator GitHub pages it is not
> even clear to me that the Java module currently necessary to send things to
> Elasticsearch is even part of the incubator. I stumbled somewhere on
> Balabit's official documentation which recommends Linux (binary blob
> plugins) as the syslog-ng server OS for that very reason.
>
> I do see that Balabit is contemplating writing a native Elasticsearch
> destination driver per Google Summer of Code
>
> https://github.com/balabit/syslog-ng/wiki/GSoC-2018-Proposal-:-ElasticSearch-destination:-native(C)-REST-API
>
> Can anybody who is more informed than I on the topic shed some light
> onto this topic?
>
> Best,
> Predrag

You could use either filebeat or send the logs to logstash, which may be a good idea anyway, since a friend has recently been having a rough time trying to get kibana to work with logs processed by fluentd.
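A third option, besides filebeat or logstash, that avoids the Java module entirely is the approach the GSoC proposal linked above describes: talk to Elasticsearch's REST API directly. The script below is an added example written for this thread, not code from syslog-ng, Balabit or anyone in the thread. It assumes syslog-ng's `program()` destination is pointed at it (e.g. `destination d_es { program("/usr/local/bin/es_shipper.py"); };`, a hypothetical path), so it receives one BSD-format syslog line per stdin line, parses each into a JSON document, batches them into the `_bulk` NDJSON format, and POSTs to an assumed local Elasticsearch at `http://127.0.0.1:9200/_bulk`. The sample log lines are constructed. Lines that do not parse are counted and skipped rather than crashing the shipper, which matters on a central log host where one malformed message must not stall everything behind it.

```python
import json
import re
import sys
import urllib.request
from datetime import datetime, timezone

# Constructed sample lines in the classic BSD syslog layout that syslog-ng's
# default template emits; none of these come from the thread.
SAMPLE_LINES = [
    "Jun  1 06:09:12 gw sshd[12345]: Accepted publickey for predrag from 192.0.2.10 port 51234 ssh2",
    "Jun  1 06:09:13 gw doas: predrag ran command /sbin/pfctl -sr as root from /home/predrag",
    "garbage that is not a syslog line",
]

# "<Mon dd HH:MM:SS> <host> <program>[<pid>]: <message>"; pid is optional.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog_line(line, year=2018):
    """Turn one BSD-format syslog line into a JSON-ready document.

    BSD timestamps carry no year, so the caller supplies one (the current
    year in production). Returns None for lines that do not parse, so the
    shipper can count and skip them instead of crashing.
    """
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # strptime matches a space in the format against any run of whitespace,
    # so the day-padding in "Jun  1" parses with "%b %d".
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "host": m["host"],
        "program": m["prog"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


def build_bulk_body(lines, index_prefix="syslog", year=2018):
    """Build an NDJSON body for Elasticsearch's _bulk endpoint.

    Each document is preceded by an action line naming a daily index derived
    from the event timestamp. Returns (body, dropped_count); body is "" when
    nothing parsed. The trailing newline is required by the _bulk API.
    """
    out = []
    dropped = 0
    for line in lines:
        doc = parse_syslog_line(line, year)
        if doc is None:
            dropped += 1
            continue
        day = doc["@timestamp"][:10].replace("-", ".")  # 2018-06-01 -> 2018.06.01
        out.append(json.dumps({"index": {"_index": f"{index_prefix}-{day}"}}))
        out.append(json.dumps(doc))
    body = "\n".join(out) + "\n" if out else ""
    return body, dropped


def ship(body, url="http://127.0.0.1:9200/_bulk"):
    """POST one bulk body to Elasticsearch (assumed local, unauthenticated)."""
    req = urllib.request.Request(
        url, data=body.encode("utf-8"),
        headers={"Content-Type": "application/x-ndjson"}, method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = json.load(resp)
    if result.get("errors"):
        raise RuntimeError("bulk indexing reported per-item errors")
    return result


def flush(batch, year):
    """Parse a batch, report skipped lines on stderr, ship what parsed."""
    body, dropped = build_bulk_body(batch, year=year)
    if dropped:
        print(f"skipped {dropped} unparseable line(s)", file=sys.stderr)
    if body:
        ship(body)


def main(stream=sys.stdin, batch_size=500):
    """Read syslog-ng program() output from stdin and ship it in batches."""
    batch = []
    year = datetime.now(timezone.utc).year
    for line in stream:
        batch.append(line)
        if len(batch) >= batch_size:
            flush(batch, year)
            batch = []
    flush(batch, year)


if __name__ == "__main__":
    main()
```

Batching matters because one HTTP request per message would not keep up with a busy central syslog host; a real deployment would also add retry on connection failure and TLS with credentials on the Elasticsearch endpoint, neither of which is shown here.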