7.2.1. Procedure – Prerequisites (The syslog-ng Premium Edition 7 Administrator Guide)

To send messages from syslog-ng PE to Elasticsearch 2.x with the elasticsearch2 destination, complete the following steps.

Steps: 

  1. Download and install a Java Runtime Environment (JRE). The elasticsearch2 destination is implemented in Java, so a JRE is needed in every client mode. Use a Java version that the Elasticsearch 2.x client libraries support: Elasticsearch 2.x requires Java 7 or newer, and Java 8 is the recommended release. The syslog-ng PE elasticsearch2 destination is tested and supported only with the Oracle implementation of Java. Other implementations are untested and unsupported: they may or may not work as expected.

  2. Note

    This step is only required if you use the elasticsearch2 destination in node mode or transport mode.

    Download the Elasticsearch release package (version 2.x) from https://www.elastic.co/downloads/elasticsearch. Balabit tests the destination using Elasticsearch version 2.4. Use the same 2.x release as the cluster you send to, so that the client libraries and the cluster agree on the wire protocol. To send messages to Elasticsearch 1.x, use the elasticsearch() destination instead (see Section 7.1, elasticsearch: Sending messages directly to Elasticsearch version 1.x).

  3. Note

    This step is only required if you use the elasticsearch2 destination in node mode or transport mode.

    Extract the Elasticsearch release package into a temporary directory, then collect the .jar files from its lib directory and the subdirectories of lib into a single directory (for example, /opt/elasticsearch/lib/) that the user account syslog-ng PE runs as can read. You must specify this directory in the syslog-ng PE configuration file.
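The following POSIX shell functions are an added example, not part of the Administrator Guide or of the syslog-ng PE package. They carry out step 1 and step 3 of the procedure: one function parses the version string printed by java -version so you can confirm the JRE major version, and another flattens every .jar below the lib directory of an extracted Elasticsearch 2.x release into the single directory that syslog-ng PE will read. The paths /tmp/elasticsearch-2.4.6 and /opt/elasticsearch/lib in the usage comment are assumptions for illustration; the guide only names /opt/elasticsearch/lib/ as an example target. The collision check exists because lib and its subdirectories can hold two jars with the same basename; silently keeping the last one copied would give the destination a class path that differs from the release you tested.

```shell
#!/bin/sh
# Added example (not from the syslog-ng PE guide): prerequisites for the
# elasticsearch2 destination in node or transport mode.
#
# Usage (paths are assumptions, not values from the guide):
#   tar xzf elasticsearch-2.4.6.tar.gz -C /tmp
#   collect_jars /tmp/elasticsearch-2.4.6 /opt/elasticsearch/lib
#   echo "jars available: $(count_jars /opt/elasticsearch/lib)"
#   echo "java major version: $(java_major "$(installed_java_version)")"

# java_major VERSION: major number of a Java version string as printed by
# `java -version` ("1.7.0_80" -> 7, "1.8.0_202" -> 8, "9.0.4" -> 9, "11.0.2" -> 11).
java_major() {
    case "$1" in
        1.*) echo "$1" | cut -d. -f2 ;;
        *)   echo "$1" | cut -d. -f1 ;;
    esac
}

# installed_java_version: version string of the java binary on PATH,
# empty output (and success) if no java is installed.
installed_java_version() {
    command -v java >/dev/null 2>&1 || return 0
    # Matches both 'java version "1.8.0_202"' and 'openjdk version "11.0.2" ...'.
    java -version 2>&1 | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# collect_jars SRC DEST: copy every *.jar found below SRC/lib (recursively)
# into DEST as a flat directory. Returns 1 if SRC/lib is missing, if DEST
# cannot be created, or if two different jars share a basename, so that a
# later copy never silently replaces an earlier one with different classes.
collect_jars() {
    src="$1"
    dest="$2"
    libdir="$src/lib"
    [ -d "$libdir" ] || { echo "collect_jars: no lib directory under $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    status=0
    # The while loop runs in a subshell; 'exit 1' there fails the pipeline,
    # which is caught by '|| status=1'. Jar paths with newlines are not expected.
    find "$libdir" -type f -name '*.jar' | while IFS= read -r jar; do
        base=$(basename "$jar")
        if [ -e "$dest/$base" ] && ! cmp -s "$jar" "$dest/$base"; then
            echo "collect_jars: $base differs from the copy already in $dest" >&2
            exit 1
        fi
        cp -p "$jar" "$dest/$base" || exit 1
    done || status=1
    # Make the flattened directory readable for whatever account runs syslog-ng PE.
    [ "$status" -eq 0 ] && chmod -R a+rX "$dest"
    return $status
}

# count_jars DIR: number of .jar files directly in DIR, i.e. what the
# destination's class loader will see when pointed at DIR.
count_jars() {
    find "$1" -maxdepth 1 -type f -name '*.jar' | wc -l | tr -d ' '
}
```

The flattened directory is the value you then give to the client-lib-dir() option of the elasticsearch2 destination in syslog-ng.conf (the option name is taken from syslog-ng, not from this page). Re-running collect_jars over the same release is idempotent; running it over a different Elasticsearch release into the same directory is refused at the first jar whose contents changed, which is the behaviour you want when a cluster upgrade leaves a stale library directory behind.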