1

I have already installed syslog-ng. Now I want to write data directly to Elasticsearch without using Logstash.

There is an add-on in syslog-ng for Elasticsearch, but I couldn't figure out how to install it. Please let me know if anybody has done this before or has any idea about it.

Thanks

Raj

1 Answer

0

There is a simple Python-based script which can be used with the program destination: https://github.com/balabit/syslog-ng-incubator/tree/master/scl/elasticsearch

If you don't mind using experimental software, there is a much higher-performance solution, compatible with Kibana, which needs the Java destination (available in syslog-ng incubator for 3.6 or 3.7 beta): https://github.com/juhaszviktor/ESDestination

  • Thanks. I tried adding it, but it is giving me the error below. Please let me know if there is something I am doing differently. The error is "Error parsing destination, destination plugin elasticsearch not found in /etc/syslog-ng/syslog-ng.conf". I have already made the SCL directory and added all the files. – Raj May 06 '15 at 17:15
  • Any solution for this error? "Error parsing destination, destination plugin elasticsearch" – Tobia Jun 17 '15 at 08:34
  • Do you also include it in the configuration file, like in the example config at https://github.com/balabit/syslog-ng-incubator/blob/master/scl/elasticsearch/elastic-example.conf? Also, note that the Python script needs the "python-requests" package to be installed (it might have a different name on your distribution). – Peter Czanik Jun 18 '15 at 09:35
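
As an added illustration of the program-destination approach mentioned in the answer (this is not the incubator script and not code from any poster): syslog-ng pipes each formatted message to the program's stdin, and the program turns the lines into an Elasticsearch `_bulk` request body. The sketch assumes the destination's template emits one JSON object per line (for example via `$(format-json)`); the `syslog-` daily index name and the `to_bulk` helper are hypothetical, and the HTTP POST to `/_bulk` is left out so the block runs offline.

```python
import json
from datetime import datetime, timezone

INDEX_PREFIX = "syslog-"  # assumed daily-index naming, not taken from the page


def to_bulk(lines, now=None):
    """Convert JSON lines (one syslog message each) into a _bulk NDJSON body.

    Returns (body, rejected). Log content is attacker-influenced, so every
    document is parsed and re-serialised: nothing from the input is copied
    raw into the action line, and malformed lines are reported, not dropped.
    """
    now = now or datetime.now(timezone.utc)
    index = INDEX_PREFIX + now.strftime("%Y.%m.%d")
    out, rejected = [], []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            doc = json.loads(raw)
            if not isinstance(doc, dict):
                raise ValueError("not a JSON object")
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            rejected.append(raw)
            continue
        doc.setdefault("@timestamp", now.isoformat())
        out.append(json.dumps({"index": {"_index": index}}))  # action line
        out.append(json.dumps(doc))                           # source line
    body = "\n".join(out) + "\n" if out else ""  # _bulk needs a final newline
    return body, rejected


if __name__ == "__main__":
    # Constructed sample input; in production this loop would read sys.stdin.
    sample = [
        '{"HOST":"web1","PROGRAM":"sshd","MESSAGE":"Failed password for root"}',
        'not json at all',
    ]
    body, rejected = to_bulk(sample)
    print(body, end="")
    print("rejected:", rejected)
```

The resulting body would be sent with `Content-Type: application/x-ndjson`; rejected lines are worth writing to a local file so that parsing failures are visible rather than silent gaps in the index.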