Client modes
The AxoSyslog application can interact with Elasticsearch in the following modes of operation: http, https, node, searchguard, and transport.
HTTP mode
The AxoSyslog application sends messages over HTTP using the REST API of Elasticsearch, and uses the cluster-url() and cluster() options from the AxoSyslog configuration file. In HTTP mode, the AxoSyslog elasticsearch2 driver can send log messages to every Elasticsearch version, including 1.x-6.x. Note that HTTP mode is available in AxoSyslog version 3.8 and newer.
In version 3.10 and newer, you can list multiple servers in HTTP and HTTPS mode in the cluster-url() and server() options. The AxoSyslog application will use these destination servers in a load-balancing fashion. Note that load balancing is handled by an external library (Jest); AxoSyslog does not have any direct influence on it.
HTTPS mode
The AxoSyslog application sends messages over an encrypted and optionally authenticated HTTPS channel using the REST API of Elasticsearch, and uses the cluster-url() and cluster() options from the AxoSyslog configuration file. In HTTPS mode, the AxoSyslog elasticsearch2 driver can send log messages to every Elasticsearch version, including 1.x-6.x. Note that HTTPS mode is available in AxoSyslog version 3.10 and newer.
This mode supports password-based and certificate-based authentication of the client, and can verify the certificate of the server as well.
In version 3.10 and newer, you can list multiple servers in HTTP and HTTPS mode in the cluster-url() and server() options. The AxoSyslog application will use these destination servers in a load-balancing fashion. Note that load balancing is handled by an external library (Jest); AxoSyslog does not have any direct influence on it.
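The following configuration is an added example, not taken from the original documentation: it shows an HTTP-mode destination next to an HTTPS-mode destination that verifies the server certificate and authenticates the client with a certificate. The host name, cluster name, index, file paths, and passwords are constructed placeholders; the http-auth-type() and java-keystore/java-truststore options are elasticsearch2 driver options that this page does not describe.

```conf
# Added example. All names, URLs, paths and passwords below are placeholders.

# HTTP mode: log messages travel over an unencrypted, unauthenticated channel.
destination d_es_http {
    elasticsearch2(
        client-mode("http")
        cluster("es-cluster")
        cluster-url("http://es1.example.com:9200")
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("syslog")
    );
};

# HTTPS mode: the channel is encrypted, the server certificate is validated
# against the CA certificates in the truststore, and the client authenticates
# with the certificate stored in the keystore.
destination d_es_https {
    elasticsearch2(
        client-mode("https")
        cluster("es-cluster")
        cluster-url("https://es1.example.com:9200")
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("syslog")

        # Certificate-based client authentication. For password-based
        # authentication, use http-auth-type("basic") together with
        # http-auth-type-basic-username() and http-auth-type-basic-password().
        http-auth-type("clientcert")
        java-keystore-filepath("/path/to/client-keystore.jks")
        java-keystore-password("<keystore-password>")

        # CA certificates used to verify the Elasticsearch server certificate.
        java-truststore-filepath("/path/to/truststore.jks")
        java-truststore-password("<truststore-password>")
    );
};
```

Because the keystore and truststore passwords appear in the configuration file, restrict read access to that file to the account that runs AxoSyslog.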
Transport mode
The AxoSyslog application uses the transport client API of Elasticsearch, and uses the server(), port(), and cluster() options from the AxoSyslog configuration file.
Node mode
The AxoSyslog application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be described in an Elasticsearch configuration file specified in the resource() option.
In Node mode, you must define the home of the Elasticsearch installation with the path.home parameter in the .yml file. For example: path.home: /usr/share/elasticsearch
Search Guard mode
Use the Search Guard Elasticsearch plugin to encrypt and authenticate your connections from AxoSyslog to Elasticsearch 2.x. For Elasticsearch versions 5.x and newer, use HTTPS mode. For details on configuring Search Guard mode, see Search Guard.