
While surfing the internet I came across the term rsyslog, which is something like a monitoring and logging tool. A few points that I collected:

1. Multi-threading
2. TCP, SSL, TLS, RELP
3. MySQL, PostgreSQL, Oracle and more
4. Filter any part of syslog message
5. Fully configurable output format
6. Suitable for enterprise-class relay chains

Similarly, Packetbeat is used to monitor network packets and uses Elasticsearch and Kibana. Packetbeat also monitors TCP, MySQL etc.

So what is the prime diff between these two?

Shashank Vivek
    Short simplified version: rsyslog is primarily used as a *NIX syslog daemon that can output logs it collects to different endpoints whereas packetbeat seems to be some kind of network analyzer. – Jite Aug 19 '15 at 12:36

1 Answer


Rsyslog is basically for Unix and Unix-like operating systems, while on the other hand Packetbeat provides support for all the operating systems. Apart from that, Packetbeat can be used to analyze the following protocols:

  • ICMP (v4 and v6)
  • DNS
  • HTTP
  • MySQL
  • PostgreSQL
  • Redis
  • Thrift-RPC
  • MongoDB
  • Memcache

While rsyslog provides support for the following protocols:

  • 3195
  • auditd
  • gssapi
  • journal
  • klog
  • kmsg
  • mark
  • ptcp
  • relp
  • solaris
  • tcp
  • udp
  • uxsock
  • zmq3

So the use cases of rsyslog and Packetbeat vary: for example, if you want to monitor your REST API transactions or MongoDB transactions, then you can use Packetbeat, which, when integrated with Kibana, can be used to visualise the traffic on the ports where your API server is running.

rresol
  • Thanks for addressing my question. I got the difference but forgot to update it as answer. Marking your reply as an answer. ;) – Shashank Vivek Jul 12 '16 at 05:20
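
The use case described in the answer above (REST API and MongoDB traffic captured by Packetbeat and shipped to Elasticsearch for Kibana), as an added configuration example that is not part of the original answer. It assumes the `packetbeat.yml` layout of Packetbeat 5.0 and later; the API port 8080, the Elasticsearch host and the hidden parameter names are assumptions.

```yaml
# packetbeat.yml (added example, not from the original post)

# Sniff on all interfaces; "any" is only available on Linux,
# on other systems name a specific device instead.
packetbeat.interfaces.device: any

packetbeat.protocols:
  # REST API transactions: decode HTTP on the port the API server listens on.
  - type: http
    ports: [8080]                     # assumed API port
    send_headers: ["User-Agent", "Content-Type"]
    # Captured traffic can contain credentials; keep them out of the index.
    redact_authorization: true        # blank Authorization / Proxy-Authorization values
    hide_keywords: ["password", "passwd", "token"]   # mask these query/form parameters

  # MongoDB transactions on the default port.
  - type: mongodb
    ports: [27017]
    send_request: false               # do not store query documents
    send_response: false              # do not store result documents

# Ship decoded transactions to Elasticsearch, where Kibana reads them.
output.elasticsearch:
  hosts: ["localhost:9200"]           # assumed Elasticsearch endpoint
```

With the request and response bodies switched off, the index still receives the method, status and timing fields for each transaction, which is what the Kibana traffic views are built on.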