I'm trying to figure out how Logstash integrates with syslog. Which of the following is true:
- Logstash itself is a bon afide syslog server (implements the syslog protocol). In this case, you configure all of your syslog client to log directly to the Logstash server via the syslog protocol. Or...
- You configure all of your syslog client to log to a centralized syslog server (such as a machine running
rsyslog
), and then configure some kind of bridge between the syslog server and the Logstash server? Or... - Something else entirely?
I'm looking to understand the relationships between syslog client, syslog server, and Logstash.