Trying to decide if I should replace rsyslog with logstash or read off of rsyslog's file and use logstash to insert to Elasticsearch. I'm thinking rsyslog is not required but not sure if logstash is more stable than rsyslog.
They are both reliable and they both have Elasticsearch outputs (recipe for rsyslog+Elasticsearch+Kibana here: http://blog.sematext.com/2013/07/01/recipe-rsyslog-elasticsearch-kibana/). I would stick with rsyslog if you only need to send syslog to Elasticsearch (maybe upgrade to a recent version, the ones from most distros are ancient). Logstash is more flexible and easy to use, so if I have something that rsyslog can't do or it's too messy, I would replace it with Logstash, or just install Logstash alongside rsyslog (normally, rsyslog is very light).
Both should be reliable. The benefit you get with logstash or ELK (Elasticsearch, Logstash, Kibana) is that you can graph the logs, search the logs easily from multiple servers, and set alerts based on anomaly patterns found in the logs.