Available in AxoSyslog version 4.4 and later.
The opensearch() destination can directly post log messages to OpenSearch using its HTTP endpoint.
HTTPS connection, as well as password- and certificate-based authentication is supported. The content of the events is sent in JSON format.
Declaration:
@include "scl.conf"
# ...
d_opensearch {
opensearch(
index("<opensearch-index-to-store-messages>")
url("https://your-opensearch-endpoint:9200/_bulk")
);
};
Example: Sending log data to OpenSearch
The following example defines an opensearch() destination, with only the required options.
@include "scl.conf"
# ...
destination opensearch {
opensearch(
index("<name-of-the-index>")
url("http://my-elastic-server:9200/_bulk")
);
};
log {
source(s_file);
destination(d_opensearch_http);
flags(flow-control);
};
The following example uses mutually-authenticated HTTPS connection, templated index, and also sets some other options.
@include "scl.conf"
# ...
destination opensearch_https {
opensearch(
url("https://node01.example.com:9200/_bulk")
index("test-${YEAR}${MONTH}${DAY}")
time-zone("UTC")
workers(4)
batch-lines(16)
timeout(10)
tls(
ca-file("ca.pem")
cert-file("syslog_ng.crt.pem")
key-file("syslog_ng.key.pem")
peer-verify(yes)
)
);
};
This driver is actually a reusable configuration snippet configured to send log messages using the http() driver using a template. For details on using or writing such configuration snippets, see Reusing configuration blocks. You can find the source of this configuration snippet on GitHub.