syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Open Source Edition


7.2.3. Client modes

The syslog-ng OSE application can interact with Elasticsearch in transport mode or node mode.

  • Transport mode. The syslog-ng OSE application uses the transport client API of Elasticsearch, and uses the server(), port(), and cluster() options from the syslog-ng OSE configuration file.

  • Node mode. The syslog-ng OSE application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be describe in an Elasticsearch configuration file specified in the resource() option.


    In Node mode, it is required to define the home of the elasticsearch installation with the path.home paramter in the .yml file. For example: path.home: /usr/share/elasticsearch.