On 08/06/2014 10:43 PM, Sebastian Grewe wrote:
As long as you feed ELK from logstash by reading logs there is no reason that you couldn't attach fail2ban to the same logs. If you plan to forward logs to elk without local files being written you will have problems.
That's what I was thinking. I'd like to (at least be able to) send files to a central server with no local logs. I'm thinking I'll need to 'tee' off whatever f2b needs, let it process then dispose of them. I don't see this as 'problems' as much as 'challenges'. ;)
I have been doing a lot on ELK lately. It's a great system and Kibana Dashboards look awesome;-)
That's my understanding. Should be sweet. I'm hoping that we can dispose of qmailmrtg and isoqlog once ELK's in place. Am I off base here?
Thanks. -- -Eric 'shubes' --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
