@Antonio: I use the email output for a particular pattern in a log. But, for example, when a particular log comes more than 5 times, alerting on this requires state to be maintained, which is not there in logstash.
I don't know about OSSEC. But how can it be used to achieve the above? Presently logstash reads the logs, ES stores them and Kibana presents them. How does OSSEC fit in here?

On Monday, 23 June 2014 15:50:36 UTC+5:30, Antonio Augusto Santos wrote:
> The solutions I've seen for things like this in ELK usually are on the lines of using logstash to reparse the logs in ES and use some output (e-mail, nagios, Zabbix) to do the alerting.
>
> For now I've stuck with using OSSEC (www.ossec.net) to do my alerting and "just" use ELK for log analysis.
>
> On Monday, June 23, 2014 5:50:22 AM UTC-3, Siddharth Trikha wrote:
>> We are using the `ELK stack (logstash, elasticsearch, kibana)` to analyze our logs. So far, so good.
>>
>> But now we want notification generation on some particular kind of logs. E.g. when a "login failed" log comes more than 5 times (threshold crossed), an email is to be sent to the sysadmin.
>>
>> I looked up online and heard about `statsd`, `riemann`, `nagios`, and the `metric` filter (logstash) to achieve our requirement.
>>
>> Can anyone suggest which fits best with the ELK stack? I am new to this. Thanks
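The missing piece the poster describes is a small amount of per-source state: a counter that survives from one log event to the next. The example below is added here and is not code from any of the participants or from logstash/OSSEC; it shows a sliding-window threshold detector run over a few constructed sshd-style "Failed password" lines. The 5-event threshold comes from the thread; the 60-second window, the line format, the per-IP keying and the `ThresholdAlerter`/`run` names are assumptions made for the illustration, and the alert is returned as a string rather than e-mailed.

```python
"""Stateful "more than N failed logins in a window" alerting (added example).

Assumed, not from the thread: sshd-style failed-login lines with an ISO
timestamp, a 60-second sliding window keyed by source IP, and an alert
that is returned as a string instead of being sent by e-mail.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed line shape, e.g.
# "2014-06-23T10:00:01 host1 sshd[123]: Failed password for root from 10.0.0.5 port 22 ssh2"
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


class ThresholdAlerter:
    """Holds the per-key counter state that a stateless filter chain lacks."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = window_seconds
        self.events = defaultdict(deque)  # ip -> timestamps still inside the window
        self.alerted = set()              # ips already alerted for the current burst

    def feed(self, line):
        """Consume one log line; return an alert string or None."""
        m = FAILED_LOGIN.match(line)
        if not m:
            return None  # not a failed login: ignore, no state change
        ts = datetime.fromisoformat(m.group("ts"))
        ip = m.group("ip")
        q = self.events[ip]
        q.append(ts)
        # Drop timestamps that fell out of the sliding window.
        while q and (ts - q[0]).total_seconds() > self.window:
            q.popleft()
        count = len(q)
        if count > self.threshold:
            if ip in self.alerted:
                return None  # burst already reported; avoid one mail per extra failure
            self.alerted.add(ip)
            return (f"ALERT: {count} failed logins from {ip} within "
                    f"{self.window}s (last user {m.group('user')})")
        # Count fell back under the threshold: allow a future burst to alert again.
        self.alerted.discard(ip)
        return None


# Constructed sample input: seven failures from 10.0.0.5 in 12 seconds,
# three slow ones from 10.0.0.9, one unrelated line, then a lone late failure.
SAMPLE_LINES = [
    "2014-06-23T10:00:01 host1 sshd[123]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:02 host1 sshd[124]: Failed password for invalid user admin from 10.0.0.9 port 22 ssh2",
    "2014-06-23T10:00:03 host1 sshd[125]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:05 host1 sshd[126]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:07 host1 sshd[127]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:08 host1 sshd[128]: Accepted password for alice from 10.0.0.7 port 22 ssh2",
    "2014-06-23T10:00:09 host1 sshd[129]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:11 host1 sshd[130]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:13 host1 sshd[131]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2014-06-23T10:00:30 host1 sshd[132]: Failed password for invalid user admin from 10.0.0.9 port 22 ssh2",
    "2014-06-23T10:01:00 host1 sshd[133]: Failed password for invalid user admin from 10.0.0.9 port 22 ssh2",
    "2014-06-23T10:03:00 host1 sshd[134]: Failed password for root from 10.0.0.5 port 22 ssh2",
]


def run(lines, threshold=5, window_seconds=60):
    """Feed every line through one alerter and return the alerts raised."""
    alerter = ThresholdAlerter(threshold, window_seconds)
    return [a for a in (alerter.feed(l) for l in lines) if a is not None]


if __name__ == "__main__":
    for alert in run(SAMPLE_LINES):
        print(alert)
```

Run against the sample above, this raises exactly one alert, on the sixth failure from 10.0.0.5 (the "more than 5" condition), and stays quiet for the slow attempts from 10.0.0.9 and for the late, isolated failure after the window has expired. Whatever ends up holding this state (a script consuming the pipeline, a logstash `ruby` filter, or an external tool such as the ones named in the thread), the two things to decide up front are the same: what the counter is keyed on (source IP, target user, or both) and how re-alerting is suppressed while a burst is still in progress.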
