Today I've set up my central rsyslog server to replay the logs via omudpspoof to a logstash server -> ES. It's already indexing about twice as much as just rsyslog -> ES was using the recipe in the first link below, and I haven't even begun to dig into the scads of plugins available for logstash.

http://blog.sematext.com/2013/07/01/recipe-rsyslog-elasticsearch-kibana/ is a good place to start, although you can replace the omelasticsearch OM with omudpspoof if you want to do logstash.

http://cookbook.logstash.net/recipes/rsyslog-agent/ is a good place to start with rsyslog -> logstash, although I did UDP instead of TCP, and used the elasticsearch output module instead of stdout, which is documented here: http://cookbook.logstash.net/recipes/central-syslog/

Good luck to you! Those three links are basically all I needed, and should set you down the right path, regardless of how your path differs from mine ;)

----- Original Message -----
> From: "Orangepeel Beef" <[email protected]>
> To: "rsyslog-users" <[email protected]>
> Sent: Tuesday, April 8, 2014 2:17:42 PM
> Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
>
> it works, but I find it overly complex for my environment. read: I
> don't need it ;)
> On Apr 8, 2014 11:13 AM, "Josh Bitto" <[email protected]> wrote:
>
> > I have read about Redis as being the "broker" thoughts?
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Orangepeel Beef
> > Sent: Tuesday, April 08, 2014 11:11 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
> >
> > I use rsyslog to pipe into sec, and then use logstash file input to index.
> > could be done without SEC as well. I don't like delivering syslog right
> > into logstash.
> > On Apr 8, 2014 11:09 AM, "Sphonic" <[email protected]> wrote:
> >
> > > I use rsyslog to send all items to logstash which has a syslog
> > > listener enabled.
> > >
> > > Sent from my iPhone
> > >
> > > > On 8 Apr 2014, at 18:05, Josh Bitto <[email protected]> wrote:
> > > >
> > > > Hello Everyone,
> > > >
> > > > I'm wanting to setup a syslog server that combines the three programs
> > > > listed above with rsyslog. Has anyone had any success using this? I'm
> > > > running on a CentOS 6.5 and finding adequate instructions on how to
> > > > not only setup all three PLUS rsyslog has been somewhat of a challenge.
> > > >
> > > > This issue that I run into is on how to get logstash/elasticsearch and
> > > > kibana to talk with rsyslog. Halp meh! Please!
> > > >
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> POST if you DON'T LIKE THAT.
>
--
Rick Brown
Office of Information Technology
Georgia Institute of Technology
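An added configuration example (not from this thread or from the rsyslog/logstash projects) of the setup described at the top: the central rsyslog relay forwards over UDP with omudpspoof so each packet carries the original sender's address, and a logstash pipeline receives it and writes to Elasticsearch. Hostnames, ports, file paths and the logstash 1.x-era `elasticsearch { host => ... }` syntax are assumptions.

```conf
# /etc/rsyslog.d/50-to-logstash.conf   (rsyslog RainerScript; path and host are assumptions)
module(load="omudpspoof")   # writes raw IP packets, so rsyslog needs root or CAP_NET_RAW

# Source address stamped on each forwarded packet: the host that sent the
# message to this relay, so logstash/Kibana see the real origin, not the relay.
template(name="spoofaddr" type="string" string="%fromhost-ip%")

# Forwarded body keeps the original timestamp, hostname and tag.
template(name="fwd" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")

action(type="omudpspoof"
       target="logstash.example.internal"   # assumed logstash host
       port="5514"                          # assumed listener port (unprivileged)
       sourcetemplate="spoofaddr"
       template="fwd")

# /etc/logstash/conf.d/rsyslog.conf   (logstash pipeline; syntax as in the cookbook links)
input {
  udp {
    port => 5514          # must match the rsyslog action above
    type => "syslog"      # [host] on each event is the packet source, i.e. the spoofed origin
  }
}
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
    syslog_pri { }                                     # split PRI into facility/severity
    date { match => [ "syslog_timestamp", "ISO8601" ] }   # index by the original event time
  }
}
output {
  elasticsearch { host => "localhost" }   # 1.x syntax; newer releases use hosts => ["localhost:9200"]
}
```

Two things to check before relying on this: any router or firewall between relay and collector that does ingress/anti-spoofing filtering will silently drop the spoofed packets, and since the collector trusts the packet's source address as the event origin, the UDP listener should be reachable only from the relay.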

