Filebeat vs Rsyslog for log shipping

I am currently using filebeat to push logs to logstash and then elasticsearch.

Now I am thinking about sending logs with rsyslog to logstash. The advantage of this would be that I would not need to install and configure filebeat on every server, and I can also send logs in JSON format that are easy to parse and filter.

I can use TCP / UDP to send logs to logstash using rsyslog.

I want to know more about the advantages and disadvantages of rsyslog over filebeat in terms of performance, reliability, and ease of use.

+3




1 answer


When you connect Beats to Logstash, you have something called "back pressure control" - Beats will stop flooding the Logstash server with messages if, for example, something goes wrong on the network.



Another benefit of using Beats is that in Logstash you can have persistent queues that prevent you from losing log messages if your elasticsearch cluster is down. This way, Logstash will save messages to disk. Be careful, because Logstash cannot guarantee that you will not lose messages if you are using UDP; this link will be helpful.

+4
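Added example, not part of the original question or answer: an rsyslog forwarding rule for the setup the question describes (JSON over TCP to Logstash), with a disk-assisted action queue so that events are buffered locally while Logstash is unreachable. The file name, target host, port and queue sizes are placeholders, and it assumes a Logstash `tcp` input with the `json_lines` codec on the receiving side.

```conf
# /etc/rsyslog.d/60-logstash.conf   (hypothetical file name)
# Constructed example: host, port and queue limits are placeholders.

# One JSON object per line. format="json" escapes quotes, backslashes and
# control characters in the field so a hostile log line cannot break the JSON.
template(name="json_lines" type="list") {
    constant(value="{\"@timestamp\":\"")
    property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")
    property(name="hostname" format="json")
    constant(value="\",\"program\":\"")
    property(name="programname" format="json")
    constant(value="\",\"severity\":\"")
    property(name="syslogseverity-text")
    constant(value="\",\"message\":\"")
    property(name="msg" format="json")
    constant(value="\"}\n")
}

action(
    type="omfwd"
    target="logstash.example.internal"   # placeholder host
    port="5514"                          # placeholder port
    template="json_lines"

    # TCP: a stalled or closed connection suspends the action and the
    # queue below fills instead of events being dropped silently.
    protocol="tcp"
    # protocol="udp"   # weak setting: fire-and-forget, lost datagrams are
    #                  # never detected or retried, the queue cannot help

    # Disk-assisted in-memory queue dedicated to this action, so a slow
    # Logstash does not block local logging. Spool files are written to
    # the global workDirectory under this name.
    queue.type="LinkedList"
    queue.filename="fwd_logstash"
    queue.maxDiskSpace="1g"              # oldest-first loss once this is full
    queue.saveOnShutdown="on"            # keep queued events across restarts

    # Retry forever rather than discarding after the default retry count.
    action.resumeRetryCount="-1"
)
```

Plain TCP forwarding has no application-level acknowledgement, so messages in flight when a connection breaks can still be lost; the queue covers outages, not that window.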








