beats icon indicating copy to clipboard operation
beats copied to clipboard

Published 20 hours ago verified publisher icon elastic

[proposal] Deprecate Filebeat syslog input

Open andrewkroh opened this issue 1 year ago • 2 comments

I propose we deprecate the Filebeat syslog input by adding a notice to the documentation that recommends switching inputs and applying the syslog processor. And we would also add a cfgwarn message to the code.

Why?

  • Decouple inputs from the processing of the data. Keeping them separate allows for more configuration flexibility and better reuse of building blocks.
  • There should not be two ways to do the same thing. The syslog input duplicates what the udp/tcp/unix inputs do plus adds syslog decoding which can be done with the syslog processor.
  • Syslog input is not aligned to ECS (while the syslog processor is).

Related

  • https://github.com/elastic/beats/issues/30139
  • https://github.com/elastic/beats/issues/20029#issuecomment-713194706

andrewkroh avatar Jan 05 '24 15:01 andrewkroh

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine avatar Jan 05 '24 15:01 elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

elasticmachine avatar Jan 31 '24 18:01 elasticmachine