In addition to LogStash/Kibana, perhaps you want to look at something that just sends the events to statsd (https://github.com/etsy/statsd/) which then aggregates them into counters and ships the results to Graphite (http://graphite.wikidot.com/).

I have yet to get personal experience with LogStash "under fire", but my hunch is that statsd+graphite are more lightweight for your purposes.

On 14 February 2013 12:03, David Gillies <[email protected]> wrote:

> On 14/02/13 11:48, Chris Barnes wrote:
> > Hi everyone,
> >
> > my firewall logs everything to a syslog server - new connections, terminated connections, etc
> >
> > basically what I'm trying to do is analyse the syslog in realtime looking for a specific string which indicates a new connection has been established, and to count the number of occurrences of that string to get an idea of how many connections per minute I'm getting for a particular internet service so that I can graph it.
> >
> > An example of the significant line in syslog I'm looking for is:
> >
> > Feb 14 11:42:52 10.1.1.1 : Feb 14 11:19:47 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523357 for Outside:124.178.41.91/123 (124.178.41.91/123) to svrdmz:NTP/123 (NTP/123)
> >
> > I can use the following to watch the log for the specific event
> >
> > tail -f /var/log/syslog | grep "to svrdmz:NTP/123 (NTP/123)"
> >
> > But I can't figure out a way to programmatically count how many of these events occur per minute.
> >
> > any suggestions?
>
> logstash and kibana (logstash web frontend)
>
> logstash: http://logstash.net/
> kibana: http://kibana.org/
>
> Also relevant, the Logstash Book by James Turnbull:
> http://www.logstashbook.com/
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
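As an added example (not code from this thread, nor from statsd or logstash), here is the per-minute count done in Python over a constructed sample log, bucketed on the syslog receive timestamp and emitted in the `name:N|c` counter format statsd accepts. The function names, the metric name and all sample lines other than the one quoted in the thread are my own assumptions.

```python
import re
from collections import Counter
from typing import Dict, Iterable

# Syslog receive timestamp at the start of each line ("Feb 14 11:42:52").
# The second timestamp in the quoted sample is the firewall's own clock, which
# can drift from the collector's (11:42 vs 11:19 in the sample), so bucket on
# the first one: that is when the event actually arrived.
SYSLOG_TS = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hh>\d{2}):(?P<mm>\d{2}):\d{2} "
)

def count_per_minute(lines: Iterable[str], pattern: str) -> Dict[str, int]:
    """Count lines matching regex `pattern`, keyed by receive minute ("Feb 14 11:42")."""
    rx = re.compile(pattern)
    counts: Counter = Counter()
    for line in lines:
        if not rx.search(line):
            continue
        m = SYSLOG_TS.match(line)
        if not m:
            continue  # not in syslog format: skip it rather than crash the pipeline
        key = f"{m['mon']} {int(m['day']):2d} {m['hh']}:{m['mm']}"
        counts[key] += 1
    return dict(counts)

def statsd_counter(metric: str, value: int = 1) -> bytes:
    """Encode a statsd counter increment ("name:N|c") as the UDP datagram statsd expects."""
    return f"{metric}:{value}|c".encode()

# Constructed sample log: the first line is the one quoted in the thread; the others
# are made up (hypothetical message ids and addresses) to show a second NTP
# connection, a teardown, a different service and a malformed line.
SAMPLE_LOG = """\
Feb 14 11:42:52 10.1.1.1 : Feb 14 11:19:47 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523357 for Outside:124.178.41.91/123 (124.178.41.91/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:42:58 10.1.1.1 : Feb 14 11:19:53 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523358 for Outside:203.0.113.7/123 (203.0.113.7/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:42:59 10.1.1.1 : Feb 14 11:19:54 EDT: %PIX-session-6-302016: Teardown UDP connection 3523357 for Outside:124.178.41.91/123 to svrdmz:NTP/123 (NTP/123) duration 0:00:02
Feb 14 11:43:05 10.1.1.1 : Feb 14 11:20:00 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523359 for Outside:198.51.100.4/123 (198.51.100.4/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:43:10 10.1.1.1 : Feb 14 11:20:05 EDT: %PIX-session-6-302013: Built inbound TCP connection 3523360 for Outside:198.51.100.4/51234 (198.51.100.4/51234) to svrdmz:WEB/80 (WEB/80)
garbage line without a timestamp to svrdmz:NTP/123 (NTP/123)
"""

# The grep string from the thread also matches teardown lines for the same service;
# anchoring on "Built inbound" counts only new connections.
GREP_PATTERN = re.escape("to svrdmz:NTP/123 (NTP/123)")
BUILT_PATTERN = r"Built inbound UDP connection .* to svrdmz:NTP/123 \(NTP/123\)"

if __name__ == "__main__":
    for minute, n in sorted(count_per_minute(SAMPLE_LOG.splitlines(), BUILT_PATTERN).items()):
        print(minute, n, statsd_counter("firewall.ntp.built", n))
```

For the live case, feed `tail -f` output line by line into the same function and flush each completed minute's counter to statsd over UDP.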
