-
The syslog-ng OSE application sends messages over HTTP using the REST API of Elasticsearch, and uses the cluster-url() and cluster() options from the syslog-ng OSE configuration file. In HTTP mode, syslog-ng OSEelasticsearch2 driver can send log messages to every Elasticsearch version, including 1.x-6.x. Note that HTTP mode is available in syslog-ng OSE version
In version
-
HTTPS mode
The syslog-ng OSE application sends messages over an encrypted and optionally authenticated HTTPS channel using the REST API of Elasticsearch, and uses the cluster-url() and cluster() options from the syslog-ng OSE configuration file. In HTTPS mode, syslog-ng OSEelasticsearch2 driver can send log messages to every Elasticsearch version, including 1.x-6.x. Note that HTTPS mode is available in syslog-ng OSE version
This mode supports password-based and certificate-based authentication of the client, and can verify the certificate of the server as well.
In version
-
Transport mode
The syslog-ng OSE application uses the transport client API of Elasticsearch, and uses the server(), port(), and cluster() options from the syslog-ng OSE configuration file.
-
Node mode
The syslog-ng OSE application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be describe in an Elasticsearch configuration file specified in the resource() option.
NOTE: In Node mode, it is required to define the home of the elasticsearch installation with the path.home parameter in the .yml file. For example: path.home: /usr/share/elasticsearch.
-
Search Guard mode
Use the Search Guard Elasticsearch plugin to encrypt and authenticate your connections from syslog-ng OSE to Elasticsearch 2.x. For Elasticsearch versions 5.x and newer, use HTTPS mode. For details on configuring Search Guard mode, see Search Guard and syslog-ng OSE.