Displaying 20 results from an estimated 21 matches for "logstash".

2014 May 31
0
Disambiguate Profiles::Logstash and Logstash
I am using the puppet logstash module from Forge installed at /etc/puppet/modules/logstash. I am trying to set up my profile class as profiles::logstash. My manifest is at /etc/puppet/modules/profiles/manifests/logstash.pp. In my /etc/puppet/modules/profiles/manifests/logstash directory I have: install.pp config.pp service.pp...
2016 Mar 06
2
logrotate script error
Hey guys, I'm trying to rotate a logstash log that can grow pretty large. 3.4GB last I saw! And that's because the logrotate script I came up with didn't work. The error I get on a syntax check is this: #logrotate -f logstash size: '100M': No such file size: '100M': No such file size: '100M': No such fi...
2020 Jul 10
5
CentOS 7 rsyslog and ELK
I asked a similar question about a year ago and didn't get any answers. So I thought I'd try again. What do people do to get their syslog messages on CentOS 7 into a remote ELK stack. I've tried lots of things involving rsyslog, filebeat, redis, logstash and so on in lots of different configurations but nothing really works. I can get rsyslog to talk directly to logstash (acting as a syslog server) but the messages don't have facility or severity codes in them which makes it considerably more difficult to manage the messages. P.
2019 Mar 08
1
syslog / logstash problem with timestamp
...quot;=>"failed to > parse field [timestamp] of type [date]", > "caused_by"=>{"type"=>"illegal_argument_exception", > "reason"=>"Invalid format: \"Mar 8 11:13:54\""}}}}} [2019-03-08T11:13:47,125][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"%{[@metadata][comline]}-%{[@metadata][version]}", :_type=>"doc", :routing=>nil}, #<LogStash::Event:0x3af3f839>], :re...
2016 Mar 06
0
Re: logrotate script error
On Sun, 6 Mar 2016 04:34, Tim Dunphy <bluethundr at ...> wrote: > Hey guys, > > I'm trying to rotate a logstash log that can grow pretty large. 3.4GB last > I saw! > > And that's because the logrotate script I came up with didn't work. > > The error I get on a syntax check is this: > > #logrotate -f logstash > size: '100M': No such file > size: '100M': No su...
2014 Jun 10
1
Parse dovecot 2.2 logs with logstash
Guys, I need to parse my dovecot log files with logstash grok patterns. Is there any document specifying the patterns used by dovecot to write its logs? I need to find all the log possibilities that could be written to log files by dovecot. So, if a document like that exists or if anyone could answer my question, I could make the parser w...
2015 Dec 02
0
Logstash pattern (GROK, KV, ...) to parse dovecot logs anyone?
...The last post regarding this endeavor was in 2014 (http://www.dovecot.org/list/dovecot/2014-June/096589.html), which "only" extracts the key->value pairs but not other parts of the log lines. One finds the occasional attempt here and there on GitHub, like https://github.com/PCextreme/logstash-grok-patterns/blob/master/mail . But nothing in comparison to the simply amazingly good patterns there are for Postfix from whyscream (https://github.com/whyscream/postfix-grok-patterns). He even added some "I don't understand this yet" rule to learn where the parsing lags. I was won...
2014 Feb 20
2
Icecast statistics dashboard with Piwik
Hi Thomas, > What's really nice is, that it understands the Icecast log format > extension where we record the duration of the connection in seconds. I can't take credit for that, the work was done by Alejandro: https://github.com/piwik/piwik/pull/65 Cheers! Daniel
2013 Nov 26
37
get a *structured* version of the puppet agent output
puppet agent --verbose shows a verbose output of the changes done by puppet, such as: notice: /Stage[main]/Logstash::Config/Logstash::Configdir[agent]/File[/etc/logstash/agent/config]/owner: owner changed 'root' to 'logstash' notice: /Stage[main]/Varnish/Service[varnish]/ensure: ensure changed 'stopped' to 'running' I'd need to m...
2020 Jul 10
0
CentOS 7 rsyslog and ELK
...;t know but decided to look again and I found this article https://devconnected.com/monitoring-linux-logs-with-kibana-and-rsyslog/ > What do people do to get their syslog messages on CentOS 7 into a > remote ELK stack. I've tried lots of things involving rsyslog, > filebeat, redis, logstash and so on in lots of different configurations > but nothing really works. > > I can get rsyslog to talk directly to logstash (acting as a syslog > server) but the messages don't have facility or severity codes in them > which makes it considerably more difficult to manage the mes...
2019 Feb 09
0
CentOS 7, rsyslog and redis
...emplates and it's a pain trying to get filebeat to parse them (and the filebeat redis output seems a bit flaky as well). I can see that syslog-ng has redis support, but I would prefer to keep rsyslog since that is the default. So, what do people do to ship their logs to ELK (or, specifically, logstash). Is there some magic, neat solution? Or do I keep just hammering away at filebeat -> redis -> logstash until I get something that's reliable? Or do I go down the syslog-ng route? P.
2020 Jul 10
0
CentOS 7 rsyslog and ELK
...t; wrote: > I asked a similar question about a year ago and didn't get any answers. > So I thought I'd try again. > > What do people do to get their syslog messages on CentOS 7 into a > remote ELK stack. I've tried lots of things involving rsyslog, > filebeat, redis, logstash and so on in lots of different configurations > but nothing really works. > > I can get rsyslog to talk directly to logstash (acting as a syslog > server) but the messages don't have facility or severity codes in them > which makes it considerably more difficult to manage the mes...
2020 Jul 10
1
CentOS 7 rsyslog and ELK
...020-07-10 at 16:44 -0400, Jason Edgecombe wrote: > I don't use ELK at the moment, but is this helpful? > > % journalctl -f --output=json > > The above command prints the continuous output of the systemd journal in > json format. > Thanks. The problem is getting that into logstash. But it's actually quite useful anyway as it's another method of monitoring what is supposed to be logged. P.
2015 Apr 15
0
Icecast statistics dashboard with Piwik
Hi All, here are a few examples of how the ELK (ElasticSearch + Logstash + Kibana) stack looks with Icecast logs parsed. Last 7 days: http://bit.ly/1CHlhiS Last 30 days: http://bit.ly/1DgM5c2 If anyone is interested in trying it, here is the Logstash config for parsing the logs: http://bit.ly/1IbvYxI Some interesting filters that we use here, is remove any session lower of 60 seg, fil...
2012 Oct 10
1
PuppetConf Videos Are Available Now
...ew of my personal favorites: CERN: http://youtu.be/-Ykb2j2ojYU Discovering and creating great Puppet Modules: http://youtu.be/aWqktlD62ks (talk actually starts at 4:45 min into video) State of the Community http://youtu.be/0_u_5RkVymE (I'm biased, since my job is Community) :) Logging: Logstash and other things: http://youtu.be/RuUFnog29M4 (should also win the best logo / mascot award) Note: I also cross-posted this (Bcc) to puppet-announce and puppet-dev, but if you have any questions or comments, let's keep those here in puppet-users. Thanks, Dawn -- You received this messa...
2013 Nov 06
3
syslog-ng or rsyslog?
Hi All. I've used syslog-ng for some time. I like it. I have a project in which I need to choose a central logging solution. What are your experiences with rsyslog? Is it more complex to set up than syslog-ng? Or maybe does it have some additional features? I am also thinking about using some GUI tools for log parsing and graphing. May be proprietary/paid. Any suggestions? Best regards,
2013 Jun 08
1
Multicast panic caused by elasticsearch
Hi, I was experimenting with Logstash + elasticsearch on FreeBSD 9 - initially I downloaded it by hand (I forgot to check for a port) and it worked fine. I then tried the port and this forced me to use a different java version (was jdk-16.0.3p4_25 now openjdk6-b27) and it seems that the new one causes a panic. Unfortunately crashdump...
2015 Jun 01
0
nginx conflicting server name ignored warning
...gi_params:scgi_param SERVER_NAME $server_name; uwsgi_params:uwsgi_param SERVER_NAME $server_name; It's more of an annoyance than any kind of real problem, as far as I can tell. Because the site I'm trying to put up with it appears to be working. I'm using this host as a logstash server. But does anybody have any ideas as to why this may be happening? Or of any potential problems that this may cause? Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
2020 Sep 16
3
Logging successful log-ins
Hi all, Due to a security breach at my office recently, we need to log successful / failed log-ins. I've put in "log level = 3" in smb.conf on our active directory domain controller which seems to log what we need, however this is generating massive log files, due to it logging every file opening/closing by all users. How do I log successful/failed log-ins without having to
2015 May 30
3
Project Management Software
I have a need to use a project management software package under Centos 6.6 and have started looking at ProjectLibre which is a Java package. Unfortunately it seems to have shortcomings when it comes to following up projects and my current understanding is that it falls short of Microsoft Project 2010, i.e., a previous version. Does anyone have experience with this type of software and what