syslog-ng documentation

The syslog-ng Premium Edition 7 Administrator Guide

7.2.3. Client modes

The syslog-ng PE application can interact with Elasticsearch in the following modes of operation: node, shield, and transport.

  • Transport mode. The syslog-ng PE application uses the transport client API of Elasticsearch, and uses the server(), port(), and cluster() options from the syslog-ng PE configuration file.

  • Node mode. The syslog-ng PE application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be described in an Elasticsearch configuration file specified in the resource() option.

    In Node mode, you must define the home directory of the Elasticsearch installation with the path.home parameter in the .yml file. For example: path.home: /usr/share/elasticsearch.

  • Shield mode. Use Elasticsearch X-Pack security (Shield) to encrypt and authenticate your connections from syslog-ng PE to Elasticsearch 2 and newer. For details on configuring Shield mode, see Procedure 7.2.4, Elasticsearch X-Pack (Shield) and syslog-ng PE.
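The transport and node modes described above, side by side in a syslog-ng PE configuration. This is an added example, not taken from the Administrator Guide. The elasticsearch2() driver name and the client-mode(), index() and type() options come from the syslog-ng Elasticsearch destination rather than from this page, and the destination names, host name, cluster name, index pattern and resource file path are placeholders.

```conf
# Transport mode: the connection details come from the syslog-ng PE
# configuration itself, through server(), port() and cluster().
destination d_es_transport {                    # placeholder name
    elasticsearch2(
        client-mode("transport")
        server("es-node1.example.com")          # placeholder host
        port("9300")                            # Elasticsearch transport port
        cluster("example-cluster")              # placeholder cluster name
        index("syslog-${YEAR}.${MONTH}.${DAY}") # placeholder index pattern
        type("syslog")
    );
};

# Node mode: syslog-ng PE joins the cluster as a client no-data node.
# Further node settings live in the file named in resource().
destination d_es_node {                         # placeholder name
    elasticsearch2(
        client-mode("node")
        cluster("example-cluster")
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        resource("/etc/syslog-ng/elasticsearch-node.yml")  # placeholder path
    );
};

# Contents of the placeholder file /etc/syslog-ng/elasticsearch-node.yml.
# path.home is required in node mode:
#
#   path.home: /usr/share/elasticsearch
```

Neither destination above sets up the encryption and authentication that Shield mode provides; that is configured separately, as described in Procedure 7.2.4.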