Answer the question
In order to leave comments, you need to log in
G
G
gremlintv22019-07-05 19:50:30
gremlintv2, 2019-07-05 19:50:30
How to get rsyslog output?
Hello
How can I debug why the rsyslog -> logstash -> elasticsearch link does not work?
I configured according to this tutorial
. The configs are identical, but the centos7 environment:
LOGSTASH:
# cat /etc/logstash/conf.d/input.conf
input {
beats {
port => 5044
}
udp {
host => "127.0.0.1"
port => 10514
codec => "json"
type => "rsyslog"
}
}# cat /etc/logstash/conf.d/input.conf
if [type] == "rsyslog" {
elasticsearch {
hosts => "localhost:9200"
}
}
}# filter {}RSYSLOG:
# cat /etc/rsyslog.d/60-output.conf
*.* @127.0.0.1:10514;json-template# cat /etc/rsyslog.d/01-json-template.conf
template(name="json-template"
type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"@version\":\"1")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"sysloghost\":\"") property(name="hostname")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"programname\":\"") property(name="programname")
constant(value="\",\"procid\":\"") property(name="procid")
constant(value="\"}\n")
}The question is:
1) how to get rsyslog output?
2) how to get logstash output?
3) is it easier and more efficient to use syslog-ng
Similar questions
A
S
L
S
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question