Reputation: 1611
How does Logstash integrate with Syslog?
I'm trying to figure out how Logstash integrates with syslog. Which of the following is true:
- Logstash itself is a bon afide syslog server (implements the syslog protocol). In this case, you configure all of your syslog client to log directly to the Logstash server via the syslog protocol. Or...
- You configure all of your syslog client to log to a centralized syslog server (such as a machine running
rsyslog), and then configure some kind of bridge between the syslog server and the Logstash server? Or... - Something else entirely?
I'm looking to understand the relationships between syslog client, syslog server, and Logstash.
Upvotes: 2
Views: 4664
Answers (1)
Reputation: 17165
If you use the syslog input on logstash (http://logstash.net/docs/1.4.0/inputs/syslog), you are setting up a TCP/UDP syslog server. That means you have to tell your clients (say log4j) where your syslog server is, or configure a syslog instance already running to forward the messages on to your logstash instance (via a *.* @host syntax in /etc/syslog.conf file).
It really depends on what your requirements are -- if you need to receive logs from a unix domain socket, you'll have to use the forwarding method or setup a file watcher to watch the /var/log/* files directly.
Upvotes: 3
Related Questions
- How to Disable logstash error logging in syslog
- Forward Docker log to logstash using syslog driver
- using syslog to ship the docker container logs to logstash
- How to setup logstash on Salesforce
- Logstash vs Rsyslog for log file aggregation
- Getting Logstash to treat syslog message string as JSON if applicable
- Logstash rsyslog + apache
- logstash, syslog and grok
- Can logstash read directly from remote log?
- logstash and elasticlog