Consider replacing Logstash by Vector.dev #572

Open
ypid-geberit opened this issue Oct 5, 2021 · 3 comments

Comments

@ypid-geberit

ypid-geberit commented Oct 5, 2021

I have not used HELK but it looks to me that you are heavily relying on Logstash (a beast). I looked at most alternatives and am super happy with https://vector.dev/. Shameless self-plug: I wrote https://github.com/ypid/event-processing-framework which could be a base for HELK when using Vector.dev.

@neu5ron
Collaborator

neu5ron commented Oct 28, 2021

Same, and I agree, but converting over thousands of lines of configs for the benefit of saving a few resources does not seem ideal. Using Logstash for 8 years, I have not run into any issues that I am unable to solve.
But yes, Vector.dev is theoretically much easier and in practice seems much more performant. But again, with this use case it doesn't make sense to switch any time soon.

@neu5ron
Collaborator

neu5ron commented Oct 28, 2021

There isn't a Vector.dev or Logstash pipeline, or any other open source ETL that I have seen, that even after 2 years of no updates is more involved than HELK. Even SOF-ELK from the thousands-of-dollars SANS classes is nowhere near.
It would take a lot to lift this over to Vector.
But with that said, if you want to help I would be open to it, @ypid-geberit.

@ypid-geberit
Author

ypid-geberit commented Oct 28, 2021

I understand, thanks for your feedback. I try to avoid touching Logstash when possible and rather migrate everything that I have to Vector (which is obviously less than what HELK has). So I will push https://github.com/ypid/event-processing-framework forward. I will see how I can integrate with HELK or cover some of its use cases.
