On Tue, 8 Apr 2014, Rick Brown wrote:
Today I've setup my central rsyslog server to replay the logs via omudpspoof
to a logstash server -> ES. It's already indexing about twice as much as just
rsyslog -> ES was using the recipe in the first link below, and I haven't even
begun to dig into the scads of plugins available for logstash.
Interesting, a couple of questions:
1. why did you need udpspoof?
2. you say that you are getting logs into ES faster with rsyslog -> logstash -> ES
than you were with rsyslog -> ES; this is surprising. This is something that it
sounds like we should dig into, rsyslog -> ES should be faster.
Is there any way we can recreate the rsyslog -> ES setup to find the bottleneck?
David Lang
http://blog.sematext.com/2013/07/01/recipe-rsyslog-elasticsearch-kibana/ is a
good place to start, although you can replace the omelasticsearch OM with
omudpspoof if you want to do logstash.
http://cookbook.logstash.net/recipes/rsyslog-agent/ is a good place to start with
rsyslog -> logstash, although I did UDP instead of TCP, and used the
elasticsearch output module instead of stdout, which is documented here:
http://cookbook.logstash.net/recipes/central-syslog/
Good luck to you! Those three links are basically all I needed, and should set
you down the right path, regardless of how your path differs from mine ;)
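As an added illustration of the swap described above (replacing the omelasticsearch action of the sematext recipe with omudpspoof so the relay feeds Logstash), here is a minimal rsyslog configuration. It is not from the thread or from any of the linked recipes; the hostnames and ports are placeholders, and the surrounding input and template choices are assumptions.

```rsyslog
# Added example, not part of the thread: a central rsyslog relay that accepts
# syslog from clients and forwards a copy to Logstash. Hostnames and ports
# are placeholders.

# Receive from clients over UDP and TCP syslog.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Relay to Logstash. omudpspoof writes the ORIGINAL sender's address into the
# relayed UDP datagram (its default source template uses %fromhost-ip%), so
# Logstash records the real client rather than the relay as the source.
# omudpspoof needs libnet and raw-socket privileges (run as root or with the
# appropriate capability).
module(load="omudpspoof")
action(type="omudpspoof"
       target="logstash.example.internal"      # placeholder hostname
       port="5514"                             # Logstash syslog/udp listener
       # RFC3164-style output, which the Logstash syslog input parses by default.
       template="RSYSLOG_TraditionalForwardFormat"
       # Queue so bursts are buffered instead of dropped when the relay is busy.
       queue.type="LinkedList"
       queue.size="100000"
       action.resumeRetryCount="-1")

# Optional: keep a local copy as well, so a Logstash/ES outage does not lose data.
*.* /var/log/messages-relay.log
```

Two operational points worth checking before relying on this: because the forwarded datagrams carry a forged source address, any anti-spoofing filter (for example uRPF or egress filtering) between the relay and Logstash will silently drop them, and because UDP has no delivery guarantee, a count of messages seen by Logstash against messages received by the relay is the simplest way to confirm nothing is being lost. Logstash itself only needs a `syslog` (or `udp`) input on the matching port and an `elasticsearch` output, as the central-syslog recipe describes.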
----- Original Message -----
From: "Orangepeel Beef" <[email protected]>
To: "rsyslog-users" <[email protected]>
Sent: Tuesday, April 8, 2014 2:17:42 PM
Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
It works, but I find it overly complex for my environment. Read: I don't need it ;)
On Apr 8, 2014 11:13 AM, "Josh Bitto" <[email protected]> wrote:
I have read about Redis as being the "broker" thoughts?
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Orangepeel Beef
Sent: Tuesday, April 08, 2014 11:11 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
I use rsyslog to pipe into SEC, and then use the logstash file input to index.
Could be done without SEC as well. I don't like delivering syslog right into logstash.
On Apr 8, 2014 11:09 AM, "Sphonic" <[email protected]> wrote:
I use rsyslog to send all items to logstash, which has a syslog listener enabled.
Sent from my iPhone
On 8 Apr 2014, at 18:05, Josh Bitto <[email protected]> wrote:
Hello Everyone,
I'm wanting to set up a syslog server that combines the three programs listed
above with rsyslog. Has anyone had any success using this? I'm running on
CentOS 6.5, and finding adequate instructions on how to not only set up all three
PLUS rsyslog has been somewhat of a challenge.
The issue that I run into is how to get logstash/elasticsearch and kibana to
talk with rsyslog. Halp meh! Please!
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.