Right now I'm running syslog-ng 3 (3.35.1) on Ubuntu 22.04.1 LTS. The goal is to use the https secured protocol to send data and to use basic authentication. Syslog-ng is properly sending logs to the Elasticsearch API using the elasticsearch-http module, as shown below:
destination elk_http {
    elasticsearch-http(
        index("testing_index")
        type("")
        url("http://a.b.c.d:port/_bulk")
        workers(4)
    );
};
Now I have to change the destination address from http to https, and as far as I know there will be no problems, but how can I configure basic auth? I was trying to google for a solution, but I have only found examples with the elasticsearch2 module (@module mod-java). The problem is that I cannot install the elasticsearch2 module in any way (apt-get install syslog-ng-mod-elasticsearch, apt-get install syslog-ng-mod-java and so on). Is there any way to enable basic auth with the 'elasticsearch-http' module, or if not, do I have to install syslog-ng from sources and then enable mod-java, or is there maybe a simple way to install mod-java?
If you have any ideas please let me know.
Regards
You can use the elasticsearch-http() destination for that, just set the user() and password() options. You'll also need to set some options if you want to verify the certificate of the server (see the examples here), or just use peer-verify(no) if you just want to test https without cert validation.
I have figured it out; for those who need a clue, the configuration is shown below:
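An added example, not the poster's configuration and not copied from the syslog-ng documentation: the destination from the question with the user(), password() and peer-verify() options from the answer applied. The credentials and the CA certificate path are placeholders, and ca-file() is assumed to point at the CA that signed the Elasticsearch server certificate.

```conf
destination elk_http {
    elasticsearch-http(
        index("testing_index")
        type("")
        # Same endpoint as in the question, switched to https
        url("https://a.b.c.d:port/_bulk")
        workers(4)

        # HTTP basic authentication (placeholder values).
        # This file now holds a credential, so restrict read access to it.
        user("<elastic-user>")
        password("<elastic-password>")

        tls(
            # Placeholder path: CA certificate that signed the server certificate
            ca-file("/path/to/elasticsearch-ca.pem")
            # Validate the server certificate. peer-verify(no) turns validation
            # off and only fits the test case mentioned in the answer.
            peer-verify(yes)
        )
    );
};
```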