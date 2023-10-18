Logging is not just syslog anymore. Still, many syslog-ng users stick to using one of the syslog protocols for log transport and flat files for log storage. While most SIEMs and log analytics tools can receive syslog messages or read them using their own agents, in most cases, you can use the http() destination of syslog-ng as well to send logs to them. You gain extreme performance and an architecture that is easier to maintain.

Some of the drivers in syslog-ng built on top of the http() destination include elasticsearch-http() destination for sending logs to Elasticsearch / OpenSearch. Many other services utilizing the Elasticsearch Bulk API exist, and there are also others using Sumo Logic, Splunk, and so on. Of course, there are some destinations where performance is not a major concern (or can even be a drawback, in fact). For example,various instant messaging services used for alerting (like Telegram or Slack) belong in this category. You can also read the API docs and write a new destination based on http() yourself.