
syslog-ng Premium Edition


7.2.4. Procedure – Elasticsearch X-Pack (Shield) and syslog-ng PE


Version 5.6 and later supports Elasticsearch X-Pack security (Shield) to encrypt and authenticate the connections from syslog-ng PE to Elasticsearch 2 and newer. In this mode, syslog-ng PE uses the transport client API of Elasticsearch, together with the server(), port(), and cluster() options from the syslog-ng PE configuration file, but with Shield (X-Pack security) support. To configure syslog-ng PE to send messages to an Elasticsearch cluster that uses Shield, complete the following steps.


  1. Add the Shield .jar file (shield-x.x.x.jar) to the same directory where your Elasticsearch .jar files are located. You can download the Shield distribution and extract the .jar file manually, or you can get it from the Elasticsearch Maven repository.

  2. Shield mode inherits the Transport mode options, but the Shield-related options must be configured in the .yml file referenced by the resource() option. For example:

    shield.user: es_admin:********
    shield.transport.ssl: true
    shield.ssl.keystore.path: /usr/share/elasticsearch/node.jks
    shield.ssl.keystore.password: mypassword

    For more details about the possible options, see:

  3. Configure an Elasticsearch destination in syslog-ng PE that uses the shield client mode.
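The following is an added example, not taken from the syslog-ng PE documentation, of a complete syslog-ng PE configuration that ties the three steps together: the destination points client-lib-dir() at the directory holding the Elasticsearch and Shield .jar files, selects Shield mode with client-mode("shield"), and loads the shield.* settings from the .yml file named in resource(). The client-lib-dir(), client-mode(), index(), type() and template() options are assumed from the elasticsearch2() destination; the config version, paths, host, port, cluster name and index name are placeholder values.

```conf
# Added example: syslog-ng PE forwarding to a Shield-protected Elasticsearch 2.x cluster.
# All paths, hostnames and names below are assumed values; adjust them to your deployment.
@version: 5.6

source s_local {
    system();
    internal();
};

destination d_elastic_shield {
    elasticsearch2(
        # Step 1: the directory that contains the Elasticsearch .jar files
        # and the shield-x.x.x.jar copied next to them.
        client-lib-dir("/usr/share/elasticsearch/lib/")

        # Shield mode builds on transport mode, so server(), port() and
        # cluster() identify the transport endpoint and the cluster name.
        client-mode("shield")
        server("es-node1.example.com")
        port("9300")
        cluster("syslog-ng")

        # Step 2: the .yml file holding shield.user, shield.transport.ssl and
        # the shield.ssl.keystore.* options. It stores the Shield password in
        # clear text, so keep it readable only by the syslog-ng service account.
        resource("/etc/syslog-ng/elasticsearch-shield.yml")

        # Where and how the messages are stored on the Elasticsearch side.
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
    );
};

log {
    source(s_local);
    destination(d_elastic_shield);
};
```

Validate the file with `syslog-ng --syntax-only` before reloading, and confirm that the .yml and the keystore it names are not world-readable, since both carry credentials.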