Re: [CentOS] CentOS 7 rsyslog and ELK
On 7/10/20 3:51 PM, Pete Biggs wrote:
> On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote:
> > I don't use ELK at the moment, but is this helpful?
> >
> > % journalctl -f --output=json
> >
> > The above command prints the continuous output of the systemd journal in
> > json format.
>
> Thanks. The problem is getting that into logstash. But it's actually
> quite useful anyway as it's another method of monitoring what is
> supposed to be logged.
>
> P.

Along this line there is journalbeat.

-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office                  FAX: 303-415-9702
3380 Mitchell Lane                         or...@nwra.com
Boulder, CO 80301                          https://www.nwra.com/

_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 rsyslog and ELK
> What do people do to get their syslog messages on CentOS 7 into a
> remote ELK stack. I've tried lots of things involving rsyslog,
> filebeat, redis, logstash and so on in lots of different
> configurations but nothing really works.

I did this a couple of times, I will share the configs in a couple of days.
Re: [CentOS] CentOS 7 rsyslog and ELK
On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote:
> I don't use ELK at the moment, but is this helpful?
>
> % journalctl -f --output=json
>
> The above command prints the continuous output of the systemd journal in
> json format.

Thanks. The problem is getting that into logstash. But it's actually
quite useful anyway as it's another method of monitoring what is
supposed to be logged.

P.
Re: [CentOS] CentOS 7 rsyslog and ELK
> > What do people do to get their syslog messages on CentOS 7 into a
> > remote ELK stack. I've tried lots of things involving rsyslog,
> > filebeat, redis, logstash and so on in lots of different configurations
> > but nothing really works.
> >
> > I can get rsyslog to talk directly to logstash (acting as a syslog
> > server) but the messages don't have facility or severity codes in them
> > which makes it considerably more difficult to manage the messages.
>
> The section "b – Routing from rsyslog to Logstash" of the article
> seems to cover a filter that needs to be added. You may have already
> tried this.. but that is about all I can help with currently.

Thanks. Yes, I was trying to get rsyslog to send JSON to logstash and I
have tried that template.

A bit more investigation though and it turns out that the firewall on
the logstash server was only letting through tcp packets and it needs
udp. Now I've fixed that, they appear to be talking to each other, but
it certainly doesn't seem to be logging everything. Progress of sorts!

P.
Re: [CentOS] CentOS 7 rsyslog and ELK
I don't use ELK at the moment, but is this helpful?

% journalctl -f --output=json

The above command prints the continuous output of the systemd journal in
json format.

Jason

---
Jason Edgecombe | Linux Administrator
UNC Charlotte | Office of OneIT
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedg...@uncc.edu | http://engr.uncc.edu | Facebook
---

On Fri, Jul 10, 2020 at 4:33 PM Pete Biggs wrote:
> I asked a similar question about a year ago and didn't get any answers.
> So I thought I'd try again.
>
> What do people do to get their syslog messages on CentOS 7 into a
> remote ELK stack. I've tried lots of things involving rsyslog,
> filebeat, redis, logstash and so on in lots of different configurations
> but nothing really works.
>
> I can get rsyslog to talk directly to logstash (acting as a syslog
> server) but the messages don't have facility or severity codes in them
> which makes it considerably more difficult to manage the messages.
>
> P.
Re: [CentOS] CentOS 7 rsyslog and ELK
On Fri, 10 Jul 2020 at 16:33, Pete Biggs wrote:
>
> I asked a similar question about a year ago and didn't get any answers.
> So I thought I'd try again.
>

Honestly, as much as I have heard of people using Elastic Kibana.. they
are usually using it for things already in JSON. When I looked in the
past I either found someone wanting me to set up a 20 node cluster to
monitor logs or someone saying they had but nothing in it. I was going to
say I didn't know but decided to look again and I found this article

https://devconnected.com/monitoring-linux-logs-with-kibana-and-rsyslog/

> What do people do to get their syslog messages on CentOS 7 into a
> remote ELK stack. I've tried lots of things involving rsyslog,
> filebeat, redis, logstash and so on in lots of different configurations
> but nothing really works.
>
> I can get rsyslog to talk directly to logstash (acting as a syslog
> server) but the messages don't have facility or severity codes in them
> which makes it considerably more difficult to manage the messages.
>

The section "b – Routing from rsyslog to Logstash" of the article seems
to cover a filter that needs to be added. You may have already tried
this.. but that is about all I can help with currently.

> P.
>

-- 
Stephen J Smoogen.
[CentOS] CentOS 7 rsyslog and ELK
I asked a similar question about a year ago and didn't get any answers.
So I thought I'd try again.

What do people do to get their syslog messages on CentOS 7 into a
remote ELK stack. I've tried lots of things involving rsyslog,
filebeat, redis, logstash and so on in lots of different configurations
but nothing really works.

I can get rsyslog to talk directly to logstash (acting as a syslog
server) but the messages don't have facility or severity codes in them
which makes it considerably more difficult to manage the messages.

P.
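The facility and severity the original question says are missing are not lost on the wire: rsyslog prefixes every forwarded line with a <PRI> header whose value is facility * 8 + severity, and journald carries the same two numbers in the PRIORITY and SYSLOG_FACILITY fields of the `journalctl --output=json` output suggested elsewhere in the thread. The following is an added example, not code from the CentOS list, rsyslog, or the Elastic projects: a small Python normaliser that decodes both sources into one flat record with named fields of the kind a Logstash json input can index. The sample lines are constructed, the facility and severity name tables follow the RFC 5424 numbering, and treating a journal entry without SYSLOG_FACILITY as facility "user" (and one without PRIORITY as "info") is an assumption made here, not something the thread states.

```python
"""Decode syslog facility/severity from raw syslog lines and journalctl JSON.

Added example (not code from the CentOS list or the rsyslog/Elastic projects).
rsyslog forwards each line with a <PRI> header where PRI = facility*8 + severity;
journald carries the same numbers in PRIORITY and SYSLOG_FACILITY. Both are
turned into the same flat record so Logstash can filter on named fields.
"""
import json
import re

# Facility codes 0-23 per RFC 5424 (names as used by Linux syslog.h / rsyslog)
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
# Severity codes 0-7
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI> header at the start of a raw syslog line; PRI is at most three digits
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode_pri(pri):
    """Split a syslog PRI value into named facility and severity fields."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range 0-191: %r" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "facility_code": facility, "facility": FACILITIES[facility],
        "severity_code": severity, "severity": SEVERITIES[severity],
    }


def parse_syslog_line(line):
    """Parse a raw syslog line as rsyslog sends it over UDP/TCP."""
    m = PRI_RE.match(line)
    if not m:
        # Without a PRI header there is nothing to recover facility/severity from
        raise ValueError("line has no <PRI> header: %r" % line[:40])
    rec = decode_pri(int(m.group(1)))
    rec["source"] = "syslog"
    rec["message"] = m.group(2).strip()
    return rec


def parse_journal_json(line):
    """Parse one line of `journalctl --output=json` into the same record shape."""
    entry = json.loads(line)
    # journald emits non-UTF-8 payloads as an array of byte values
    msg = entry.get("MESSAGE", "")
    if isinstance(msg, list):
        msg = bytes(msg).decode("utf-8", errors="replace")
    severity = int(entry.get("PRIORITY", 6))  # assumption: missing PRIORITY -> info
    # Entries captured from a unit's stdout carry no SYSLOG_FACILITY;
    # assumption: treat those as facility "user" (1)
    facility = int(entry.get("SYSLOG_FACILITY", 1))
    rec = decode_pri(facility * 8 + severity)
    rec["source"] = "journal"
    rec["host"] = entry.get("_HOSTNAME")
    rec["program"] = entry.get("SYSLOG_IDENTIFIER") or entry.get("_COMM")
    rec["message"] = msg
    return rec


def normalise(lines):
    """Dispatch on the first character: '{' is journal JSON, anything else is syslog."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("{"):
            out.append(parse_journal_json(line))
        else:
            out.append(parse_syslog_line(line))
    return out


# Constructed sample input (not captured from a real host)
SAMPLE_LINES = [
    "<86>Jul 10 16:44:01 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    json.dumps({"PRIORITY": "3", "SYSLOG_FACILITY": "3", "SYSLOG_IDENTIFIER": "systemd",
                "_HOSTNAME": "host1", "MESSAGE": "Failed to start foo.service."}),
    # stdout-captured entry: no SYSLOG_FACILITY, non-UTF-8 message bytes
    json.dumps({"PRIORITY": "6", "_COMM": "myapp", "_HOSTNAME": "host1",
                "MESSAGE": [72, 105, 255]}),
]

if __name__ == "__main__":
    for rec in normalise(SAMPLE_LINES):
        print(json.dumps(rec))
```

Piped as `journalctl -f --output=json | python3 normalise.py` style input, or fed with the raw lines a Logstash syslog input receives, this yields records where "authpriv"/"info" or "daemon"/"err" are ordinary fields to filter on, which is exactly what the rsyslog-to-logstash path in the thread was failing to provide.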