similar to: CentOS 7 rsyslog and ELK

On Fri, 10 Jul 2020 at 16:33, Pete Biggs <pete at biggs.org.uk> wrote: > > I asked a similar question about a year ago and didn't get any answers. > So I thought I'd try again. > Honestly, as much as I have heard of people using Elastic Kibana.. they are usually using it for things already in JSON. WHen I looked in the past I either found someone wanting me to set up a

I don't use ELK at the moment, but is this helpful? % journalctl -f --output=json The above command prints the continuous output of the systemd journal in json format. Jason --------------------------------------------------------------------------- Jason Edgecombe | Linux Administrator UNC Charlotte | Office of OneIT 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone:

On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote: > I don't use ELK at the moment, but is this helpful? > > % journalctl -f --output=json > > The above command prints the continuous output of the systemd journal in > json format. > Thanks. The problem is getting that into logstash. But it's actually quite useful anyway as it's another method of

Hi All. I've used syslog-ng for some time. I like it. I have a project in which I need to choose a central logging solution. What are your experiences with rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have some additional features? I am also thinking about using some gui tools for log parsing and graphing. May be proprietary/paid. Any suggestions? Best regards,

TL;DR: Is there a sensible way to get rsyslog to talk to redis on CentOS 7. The official way is to use the omhiredis plugin, but that doesn't seem to exist in the CentOS 7 repositories? (It's how I do it on my Fedora box.) The long version: I'm trying to rationalise logging and am using an ELK stack. When I've done this in the past it has suffered badly from congestion at peak

Hi Thomas, > What's really nice is, that it understands the Icecast log format > extension where we record the duration of the connection in seconds. I can't take credit for that, the work was done by Alejandro: https://github.com/piwik/piwik/pull/65 Cheers! Daniel

Hallo, I try to send my centos 7 logfiles to an logstsah server. Can anyone give me an hint how to fix this problem? Thanks Ralf > {"index"=>{"_index"=>"%{[@metadata][comline]}-%{[@metadata][version]}", > "_type"=>"doc", "_id"=>"U1XLXGkBpfl5FoHeY4J8", "status"=>400, >

Hi all, Due to a security breach at my office recently, we need to log successful / failed log-ins.? I've put in "log level = 3" in smb.conf on our active directory domain controller which seems to log what we need, however this is generating massive log files, due to it logging every file opening/closing by all users.? How do I log successful/failed log-ins without having to

Hey guys, I'm trying to rotate a logstash log that can grow pretty large. 3.4GB last I saw! And that's because the logrotate script I came up with didn't work. The error I get on a syntax check is this: #logrotate -f logstash size: '100M': No such file size: '100M': No such file size: '100M': No such file size: '100M': No such file size:

Hi All, here a few examples about how look ELK (ElasticSearch + Logstash + Kibana) stack with Icecast logs parsed. Last 7 days: http://bit.ly/1CHlhiS Last 30 days: http://bit.ly/1DgM5c2 If any be interested in try here is the Logstash config for parse the logs: http://bit.ly/1IbvYxI Some interesting filters that we use here, is remove any session lower of 60 seg, filter bots, monitoring

I have one module, kibana, that defines a file snippet for the apache module to fulfill (e.g., /etc/https/conf.d/kibana.conf). The apache::params class defines a variable of the path of where this snippet should be placed, $config_d. The snippet uses this variable in its definition. However, it seems that the snippet never resolves the $apache::params::config_d variable, and I''m

puppet agent --verbose shows a verbose output of the changes done by puppet, such as: notice: /Stage[main]/Logstash::Config/Logstash::Configdir[agent]/File[/etc/logstash/agent/config]/owner: owner changed ''root'' to ''logstash'' notice: /Stage[main]/Varnish/Service[varnish]/ensure: ensure changed ''stopped'' to ''running''

Guys, I need to parse my dovecot log files with logstash grok patterns. Is there any document specifying the patterns used by dovecot to write it's logs? I need to find all the log possibilities that could be writed to log files by dovecot. So, if a document like that exists or if anyone could answer my question, I'll could make the parser with less difficult. -- Att. Bruno

Peter Eckel wrote: > Hi all, > > I know this comes from upstream (and most likely from the rsyslog project itself), but what's your opinion about Google Ads in system documentation files? > >> [peckel at mucnvjmppmtr01 ~]$ cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.7 (Santiago) >> [peckel at mucnvjmppmtr01 ~]$ grep google

Hello dovecot-users, I am currently playing with Elastics ELK stack and was kind of surprised to NOT yet find a good set of GROK or KV pattern to parse dovecots lush and information rich logs. The last post regarding this endeavor was in 2014 (http://www.dovecot.org/list/dovecot/2014-June/096589.html), which "only" extracts the key->value pairs but not other parts of the log lines.

Hi all! Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions. I switched from sysklogd to rsyslog simply using chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start but this seems not to be

Hello, I'm trying to send Dovecot logs to a Graylog server. To do this, I'd like to pass logs to rsyslog and rsyslog pass logs to remote Graylog server. I set in dovecot.conf : syslog_facility = local5.info I set in rsyslog.conf : local5.info @192.168.xxx.xxx:5555 Restarted services and it doesn't work. I use nmap to test if port 5555 is opened and this port is open. What

I have a need to use a project management software package under Centos 6.6 and have started looking at ProjectLibre which is a Java package. Unfortunately it seems to have shortcomings when it comes to following up projects and my current understanding is that it falls short of Microsoft Project 2010, i.e., a previous version. Does anyone have experience with this type of software and what

Dear CentOS folk, I've been try to solve one issue with rsyslog on CentOS 6, but can't figure it out. I've searched through rsyslog documentation, and used Google but not found anything that matches my issue. I'm sending output of a program to rsyslog using "logger -t progname". I've got the following config snippet in /etc/rsyslog.d: $FileCreateMode 0644 if

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin