Displaying 20 results from an estimated 2000 matches similar to: "CentOS 7 rsyslog and ELK"
2020 Jul 10
0
CentOS 7 rsyslog and ELK
On Fri, 10 Jul 2020 at 16:33, Pete Biggs <pete at biggs.org.uk> wrote:
>
> I asked a similar question about a year ago and didn't get any answers.
> So I thought I'd try again.
>
Honestly, as much as I have heard of people using Elastic Kibana..
they are usually using it for things already in JSON. When I looked in
the past I either found someone wanting me to set up a
2020 Jul 10
0
CentOS 7 rsyslog and ELK
I don't use ELK at the moment, but is this helpful?
% journalctl -f --output=json
The above command prints the continuous output of the systemd journal in
json format.
Jason
---------------------------------------------------------------------------
Jason Edgecombe | Linux Administrator
UNC Charlotte | Office of OneIT
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone:
2020 Jul 10
1
CentOS 7 rsyslog and ELK
On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote:
> I don't use ELK at the moment, but is this helpful?
>
> % journalctl -f --output=json
>
> The above command prints the continuous output of the systemd journal in
> json format.
>
Thanks. The problem is getting that into logstash. But it's actually
quite useful anyway as it's another method of
2013 Nov 06
3
syslog-ng or rsyslog?
Hi All.
I've used syslog-ng for some time. I like it. I have a project in which I
need to choose a central logging solution. What are your experiences with
rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have
some additional features?
I am also thinking about using some gui tools for log parsing and graphing.
May be proprietary/paid. Any suggestions?
Best regards,
2019 Feb 09
0
CentOS 7, rsyslog and redis
TL;DR:
Is there a sensible way to get rsyslog to talk to redis on CentOS 7?
The official way is to use the omhiredis plugin, but that doesn't seem
to exist in the CentOS 7 repositories? (It's how I do it on my Fedora
box.)
The long version:
I'm trying to rationalise logging and am using an ELK stack. When I've
done this in the past it has suffered badly from congestion at peak
2014 Feb 20
2
Icecast statistics dashboard with Piwik
Hi Thomas,
> What's really nice is, that it understands the Icecast log format
> extension where we record the duration of the connection in seconds.
I can't take credit for that, the work was done by Alejandro:
https://github.com/piwik/piwik/pull/65
Cheers!
Daniel
2019 Mar 08
1
syslog / logstash problem with timestamp
Hello,
I am trying to send my CentOS 7 logfiles to a logstash server.
Can anyone give me a hint how to fix this problem?
Thanks
Ralf
> {"index"=>{"_index"=>"%{[@metadata][comline]}-%{[@metadata][version]}",
> "_type"=>"doc", "_id"=>"U1XLXGkBpfl5FoHeY4J8", "status"=>400,
>
2020 Sep 16
3
Logging successful log-ins
Hi all,
Due to a security breach at my office recently, we need to log
successful / failed log-ins. I've put in "log level = 3" in smb.conf on
our active directory domain controller which seems to log what we need,
however this is generating massive log files, due to it logging every
file opening/closing by all users. How do I log successful/failed
log-ins without having to
2016 Mar 06
2
logrotate script error
Hey guys,
I'm trying to rotate a logstash log that can grow pretty large. 3.4GB last
I saw!
And that's because the logrotate script I came up with didn't work.
The error I get on a syntax check is this:
#logrotate -f logstash
size: '100M': No such file
size: '100M': No such file
size: '100M': No such file
size: '100M': No such file
size:
2015 Apr 15
0
Icecast statistics dashboard with Piwik
Hi All, here are a few examples of how the ELK (ElasticSearch + Logstash +
Kibana) stack looks with Icecast logs parsed.
Last 7 days: http://bit.ly/1CHlhiS
Last 30 days: http://bit.ly/1DgM5c2
If anyone is interested in trying it, here is the Logstash config to parse the logs:
http://bit.ly/1IbvYxI
Some interesting filters that we use here are: remove any session shorter than
60 sec, filter bots, monitoring
2013 Jan 28
18
Referencing a variable from one class in another
I have one module, kibana, that defines a file snippet for the apache
module to fulfill (e.g., /etc/https/conf.d/kibana.conf). The apache::params
class defines a variable of the path of where this snippet should be
placed, $config_d. The snippet uses this variable in its definition.
However, it seems that the snippet never resolves the
$apache::params::config_d variable, and I'm
2013 Nov 26
37
get a *structured* version of the puppet agent output
puppet agent --verbose shows a verbose output of the changes done by
puppet, such as:
notice:
/Stage[main]/Logstash::Config/Logstash::Configdir[agent]/File[/etc/logstash/agent/config]/owner:
owner changed 'root' to 'logstash'
notice: /Stage[main]/Varnish/Service[varnish]/ensure: ensure changed
'stopped' to 'running'
2014 Jun 10
1
Parse dovecot 2.2 logs with logstash
Guys,
I need to parse my dovecot log files with logstash grok patterns. Is
there any document specifying the patterns used by dovecot to write its
logs?
I need to find all the log possibilities that could be written to log
files by dovecot. So, if a document like that exists or if anyone could
answer my question, I could make the parser with less difficulty.
--
Att.
Bruno
2015 Nov 24
3
Google Ads in rsyslog documentation files
Peter Eckel wrote:
> Hi all,
>
> I know this comes from upstream (and most likely from the rsyslog
project itself), but what's your opinion about Google Ads in system
documentation files?
>
>> [peckel at mucnvjmppmtr01 ~]$ cat /etc/redhat-release
>> Red Hat Enterprise Linux Server release 6.7 (Santiago)
>> [peckel at mucnvjmppmtr01 ~]$ grep google
2015 Dec 02
0
Logstash pattern (GROK, KV, ...) to parse dovecot logs anyone?
Hello dovecot-users,
I am currently playing with Elastic's ELK stack and was kind of surprised to NOT
yet find a good set of GROK or KV patterns to parse dovecot's lush and information
rich logs.
The last post regarding this endeavor was in 2014
(http://www.dovecot.org/list/dovecot/2014-June/096589.html), which "only"
extracts the key->value pairs but not other parts of the log lines.
2010 Nov 26
1
rsyslog as default syslog daemon?
Hi all!
Is anybody here using rsyslog? I am looking for the right solution how
to use rsyslog in CentOS 5 as the default logging daemon. We use it
because of filtering using regular expressions.
I switched from sysklogd to rsyslog simply using
chkconfig --del syslog
chkconfig --add rsyslog
chkconfig rsyslog on
service syslog stop
service rsyslog start
but this seems not to be
2016 Feb 05
4
Send Dovecot logs to rsyslog
Hello,
I'm trying to send Dovecot logs to a Graylog server.
To do this, I'd like to pass logs to rsyslog and rsyslog pass logs to
remote Graylog server.
I set in dovecot.conf : syslog_facility = local5.info
I set in rsyslog.conf : local5.info @192.168.xxx.xxx:5555
Restarted services and it doesn't work.
I use nmap to test if port 5555 is opened and this port is open.
What
2015 May 30
3
Project Management Software
I have a need to use a project management software package under Centos 6.6 and have started looking at ProjectLibre which is a Java package.
Unfortunately it seems to have shortcomings when it comes to following up projects and my current understanding is that it falls short of Microsoft Project 2010, i.e., a previous version.
Does anyone have experience with this type of software and what
2016 Feb 29
1
Discarding empty lines in rsyslog
Dear CentOS folk,
I've been trying to solve one issue with rsyslog on CentOS 6, but can't
figure it out. I've searched through rsyslog documentation, and used
Google but not found anything that matches my issue.
I'm sending output of a program to rsyslog using "logger -t progname".
I've got the following config snippet in /etc/rsyslog.d:
$FileCreateMode 0644
if
2013 Oct 28
1
rsyslog not loading relp
centos 6.4, setup to be syslog server. Doing remote syslog using tcp
works fine, so now want to add relp. I installed the rsyslog-relp
package and told rsyslog.conf to use it:
# RELP Syslog Server:
$ModLoad imrelp # provides RELP syslog reception
$InputRELPServerRun 20514
when I restart rsyslog I am told it does not like my InputRELPServerRun line:
Oct 28 13:43:54 scan rsyslogd: [origin