[rsyslog-notify] Forum Thread: Re: rsyslog send log to logstash - (Mode 'reply')
noreply at adiscon.com
Wed Mar 25 18:35:31 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25356#p25356
Message:
----------
Well, the first question is why go rsyslog -> logstash -> elasticsearch
instead of just rsyslog -> elasticsearch?
http://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html
I can't tell you how to configure logstash (you would need to ask the
logstash folks), but to send logs to logstash you just add a line
@10.5.1.111 and it will send all logs to that address via UDP (@@ip to send
them via TCP). Now, if you want to send them in some other format, things
get more involved, but you'd need to try things and do more before there's
much to say there.
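
The forwarding forms described above, written out as an rsyslog configuration fragment. This is an added example, not part of the original post; it assumes the receiver listens on rsyslog's default port 514 (the post gives no port), and the queue file name and size limit are constructed values.

```conf
# Added example: pick ONE of the three options below. Enabling more than
# one sends every message to 10.5.1.111 more than once.

# Option 1: legacy syntax, UDP (single @). Fire-and-forget: messages are
# silently lost if the receiver is down or the network drops packets.
*.* @10.5.1.111

# Option 2: legacy syntax, TCP (double @@). The connection is tracked, so
# rsyslog notices when the receiver goes away.
#*.* @@10.5.1.111

# Option 3: the same TCP forwarding in RainerScript, with a disk-assisted
# queue so messages are buffered while the receiver is unreachable.
#action(
#    type="omfwd"
#    target="10.5.1.111"
#    protocol="tcp"
#    queue.type="LinkedList"          # in-memory queue ...
#    queue.filename="fwd_logstash"    # ... that spills to disk (constructed name)
#    queue.maxDiskSpace="1g"          # constructed limit for the spill files
#    queue.saveOnShutdown="on"        # keep queued messages across restarts
#    action.resumeRetryCount="-1"     # retry forever instead of discarding
#)
```

Both UDP and plain TCP forwarding send log content unencrypted, so anything on the path between the two hosts can read it.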