Filebeat vs Rsyslog for forwarding logs
Question
I am currently using filebeat to forward logs to logstash and then to elasticsearch.
Now, I am thinking about forwarding logs by rsyslog to logstash. The benefit of this would be that, I would not need to install and configure filebeat on every server, and also I can forward logs in JSON format which is easy to parse and filter.
I can use TCP/UDP to forward logs to logstash by rsyslog.
I want to know the more benefits and drawbacks of rsyslog over filebeat, in terms of performance, reliability and ease of use.
2 answers
solution1
8 ACCPTED 2017-06-06 20:08:12
When you couple Beats with Logstash you have something called "back pressure management" - Beats will stop flooding the Logstash server with messages in case something goes wrong on the network, for instance.
Another advantage of using Beats is that in Logstash you can have persisted queues, which prevents you from losing log messages in case your elasticsearch cluster goes down. So Logstash will persist messages on disk. Be careful because Logstash can't ensure you wont lose messages if you are using UDP, this link will be helpful.
solution2
0 2019-02-24 22:15:38
Rsyslog has In-Memory, disk Queues. That should takes care of buffering messages.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.