Why Logstash's Syslog Plugin is udp_tcp
When using Logstash for log collection, a common scenario is to use the syslog plugin to collect logs from network devices or security devices. But when you search for "logstash syslog plugin", you might find that search engines or ChatGPT give answers about the udp plugin or the tcp plugin instead. This raises some questions: What is the difference between the syslog plugin and the tcp/udp plugins? Why does the official syslog plugin perform poorly? Which plugin should be used in a real production environment? This article attempts to analyze the differences between the syslog plugin and the tcp/udp plugins, and provides best practices. ...