7.2.3. Client modes

The syslog-ng OSE application can interact with Elasticsearch in transport mode or node mode.

  • Transport mode. The syslog-ng OSE application uses the transport client API of Elasticsearch, and uses the server(), port(), and cluster() options from the syslog-ng OSE configuration file.

  • Node mode. The syslog-ng OSE application acts as an Elasticsearch node (client no-data), using the node client API of Elasticsearch. Further options for the node can be describe in an Elasticsearch configuration file specified in the resource() option.


    In Node mode, it is required to define the home of the elasticsearch installation with the path.home paramter in the .yml file. For example: path.home: /usr/share/elasticsearch.