7.2.3. Client modes The syslog-ng Premium Edition 7 Administrator Guide
The syslog-ng PE application can interact with Elasticsearch in the following modes of operation: node, shield, and transport.
Node mode. The syslog-ng PE application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be describe in an Elasticsearch configuration file specified in the
Shield mode. Use Elasticsearch X-Pack security (Shield) to encrypt and authenticate your connections to from syslog-ng PE to Elasticsearch 2 and newer. For details on configuring Shield mode, see Procedure 7.2.4, Elasticsearch X-Pack (Shield) and syslog-ng PE.