I would like to have ephemeral ec2 instances push logs to a central flat-file store for archiving and manual perusing, as well has have that data pushed to elastic search.
Is there a single agent that can tail local log files and both push them to a central flat-file store as well as push them to elastic search?
This sounds like a job for.. Logstash!!!
But seriously though, install Logstash on your central logging server, and push the logs there with Logstash-Forwarder, using the Lumberjack protocol.
In Logstash, you can setup multiple outputs, which can be Elastic and local flat files with whatever format you want.
