> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Radoslav Bodó > Sent: Tuesday, April 10, 2012 1:10 PM > To: rsyslog-users > Subject: Re: [rsyslog] Who is interested in ElasticSearch? > > hi, > > recently i did some testing. i tried omelasticsearch but i stopped > using > direct output plugin in the favor of logstash push agent > > a) i wont connect logserver to the els cluster directly (because of > security)
I guess this cannot be solved in any case? You talk about not using direct connection because you want it indirect, right? > > a1) there are also issues sigsegv when setting configuration parameters > of omelasticsearch Was that from the recently refactored git branch? I am asking because I have completely rewritten the config part and would be very interested in any problems encountered. The relevant branch is here: http://git.adiscon.com/?p=rsyslog.git;a=shortlog;h=refs/heads/master-elastics earch > b) logstash has better functionality in parsing and mangling data > before > they are pushed to els What is missing? > c) els clients are very sensitive to input data. there were case when > there were binary data in logs and those cannt be pushed and whole > cluster crashed because of this. > > Feb 13 19:30:19 127.0.0.1 sshd[22862]: Invalid user imu\361oz from > a.b.c.d > Feb 13 19:30:19 127.0.0.1 sshd[22862]: pam_krb5(sshd:auth): > authentication failure; logname=imu�oz uid=0 euid=0 tty=ssh ruser= > rhost=a.b.c.d The original ,JSON template option was a hack and did not cover all cases. With the recent commit, JSON coding is much more solid - but obviously still experimental. Thanks for the feedback! Rainer > > that's also why i switch to logstash with: > > tr -c '[:print:][:cntrl:]' '?' | $JAVA_HOME/bin/java $JAVA_OPTS -jar > $JAR agent -f lsloader-stdin.conf > > On 10.4.2012 12:56, Rainer Gerhards wrote: > > Hi all, > > > > I am doing some experimental work on ElasticSearch integration. I > started off > > with a contribution and will extend it in the coming days/weeks. I > wonder who > > else is interested in that topic? Actually, I'd like to get feedback > both on > > suggested/required features as well as some folks who test out things > that > > have been implemented. > > > > Someone out here? Please feel free to share/forward this mail if you > happen > > to know somebody else. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
