Filebeat vs Rsyslog用于转发日志
[英]Filebeat vs Rsyslog for forwarding logs
问题描述
I am currently using filebeat to forward logs to logstash and then to elasticsearch. 
我目前正在使用filebeat将日志转发到logstash,然后转发到elasticsearch。
Now, I am thinking about forwarding logs by rsyslog to logstash. 现在,我正在考虑通过rsyslog将日志转发到logstash。 The benefit of this would be that, I would not need to install and configure filebeat on every server, and also I can forward logs in JSON format which is easy to parse and filter. 这样做的好处是,我不需要在每台服务器上安装和配置filebeat,而且我也可以转发JSON格式的日志,这种格式易于解析和过滤。
I can use TCP/UDP to forward logs to logstash by rsyslog. 我可以使用TCP / UDP通过rsyslog将日志转发到logstash。
I want to know the more benefits and drawbacks of rsyslog over filebeat, in terms of performance, reliability and ease of use. 我想知道rsyslog优于filebeat的优点和缺点,包括性能,可靠性和易用性。
2 个解决方案
解决方案1
8 已采纳 2017-06-06 20:08:12
When you couple Beats with Logstash you have something called "back pressure management" - Beats will stop flooding the Logstash server with messages in case something goes wrong on the network, for instance. 当您将Beats与Logstash结合使用时,您会遇到一种称为“背压管理”的东西 - 例如,如果网络出现问题,Beats将停止使用消息充斥Logstash服务器。
Another advantage of using Beats is that in Logstash you can have persisted queues, which prevents you from losing log messages in case your elasticsearch cluster goes down. 使用Beats的另一个好处是,在Logstash中,您可以拥有持久队列,这可以防止您在弹出搜索群集出现故障时丢失日志消息。 So Logstash will persist messages on disk. 因此Logstash会将消息保留在磁盘上。 Be careful because Logstash can't ensure you wont lose messages if you are using UDP, this link will be helpful. 要小心,因为如果您使用UDP,Logstash无法确保您不会丢失消息, 此链接将很有帮助。
解决方案2
0 2019-02-24 22:15:38
Rsyslog has In-Memory, disk Queues. Rsyslog具有内存中的磁盘队列。 That should takes care of buffering messages. 这应该负责缓冲消息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.