On Fri, 1 Jun 2018, 06:09 Predrag Punosevac, wrote:
> Hi Misc,
>
> I am revisiting the idea of storing log files in Elasticsearch DB for
> quick search, analytics, and visualization (Kibana). I would like to
> keep my current OpenBSD syslog-ng centralized logging server and just
> write logs into ElasticsearchDB instead of flat files. Looks like
> Elastricsearch runs happily on OpenBSD
>
> http://openports.se/textproc/elasticsearch
>
> just like Kibana
>
> http://openports.se/www/kibana
>
> I was wondering if the syslog-ng version in ports 3.12.1 (the latest
> release seems to be 3.15.1) supports Java plugin needed to send logs
> from syslog-ng to Elasticsearch. It looks like 3.12.1 is high enough
> version which supports syslog-ng-incubator which was not the case last
> time
>
> https://marc.info/?l=openbsd-misc=143249546020820=2
>
> However I don't see incubator in ports
>
> https://github.com/balabit/syslog-ng-incubator
>
> To be frank by looking quickly through incubator GitHub pages it is not
> even clear to me that Java module currently necessary to send things to
> Elasticsearch is even the part of the incubator. I stumbled somewhere on
> Balabit official documentation which recommends Linux (binary blob
> plugins) as the syslog-ng server OS for that very reason.
>
> I do see that Balabit is contemplating writing a native Elasticsearch
> destination driver per Google Summer of Code
>
>
> https://github.com/balabit/syslog-ng/wiki/GSoC-2018-Proposal-:-ElasticSearch-destination:-native(C)-REST-API
>
> Can anybody who is more informed than I on the topic shed some light
> onto this topic?
>
> Best,
> Predrag
>
You could use either filebeat or send the logs to logstash. Which may be
good idea anyway, since a friend is recently having a rough time of trying
to get kibana to work with logs processed by fluentd.
>
