This shows you the differences between two versions of the page.

Left column (old revision): syslogngek [2015/10/02 15:41] ian created
Right column (new revision): syslogngek [2020/02/13 22:55]
Line 1: | Line 1: | ||
- | ====== Syslog-ng / Elasticsearch / Kibana ====== | ||
- | |||
- | Syslog-ng can send logs directly to elasticsearch, | ||
- | |||
- | < | ||
- | I am using Ubuntu 14.04 LTS Server. | ||
- | </ | ||
- | |||
- | ====== Installation ====== | ||
- | |||
- | ===== Syslog-ng ===== | ||
- | |||
- | Install syslog-ng, this will replace the current rsyslog. | ||
- | |||
- | < | ||
- | :~# aptitude install syslog-ng | ||
- | </ | ||
- | |||
- | < | ||
- | Syslog-ng 3.7 can run elasticsearch directly, because the version in Ubuntu 14.04 is 3.5 we use a glue module. | ||
- | </ | ||
- | |||
- | < | ||
- | :~# cd /usr/src | ||
- | |||
- | :/usr/src# wget http:// | ||
- | |||
- | :/usr/src# dpkg -i syslog-ng-mod-elasticsearch_0.3.3-1build1_all.deb | ||
- | </ | ||
- | |||
- | ===== ElasticSearch ===== | ||
- | |||
- | https:// | ||
- | |||
- | < | ||
- | :~# wget -qO - https:// | ||
- | |||
- | :~# echo "deb http:// | ||
- | |||
- | :~# aptitude update && aptitude install elasticsearch default-jre-headless | ||
- | |||
- | :~# update-rc.d elasticsearch defaults 95 10 | ||
- | |||
- | :~# service elasticsearch start | ||
- | * Starting Elasticsearch Server | ||
- | </ | ||
- | |||
- | ===== Kibana ===== | ||
- | |||
- | https:// | ||
- | |||
- | < | ||
- | :~# cd /usr/src | ||
- | |||
- | :/usr/src# wget -c https:// | ||
- | |||
- | :/usr/src# cd /usr/local/ | ||
- | |||
- | :/ | ||
- | |||
- | :/ | ||
- | |||
- | :/ | ||
- | |||
- | :/ | ||
- | </ | ||
- | |||
- | ====== Configuration ====== | ||
- | |||
- | ===== Syslog-ng ===== | ||
- | |||
- | **/ | ||
- | < | ||
- | @include " | ||
- | |||
- | destination d_elastic { | ||
- | | ||
- | | ||
- | ); | ||
- | }; | ||
- | |||
- | log { | ||
- | source(s_src); | ||
- | destination(d_elastic); | ||
- | flags(flow-control); | ||
- | }; | ||
- | </ | ||
- | |||
- | < | ||
- | :~# service syslog-ng reload | ||
- | * Reload system logging syslog-ng | ||
- | </ | ||
- | |||
- | |||
- | ===== Kibana ===== | ||
- | |||
- | Visit your kibana URL http:// | ||
- | |||
- | Set your index pattern to syslog-ng to match the index() of syslog-ng. | ||
- | |||
- | Start by clicking on the // | ||
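Review bot: nothing in this revision verifies the artifacts it installs by hand before they are run. The syslog-ng glue module is fetched with `wget` and installed straight away with `dpkg -i syslog-ng-mod-elasticsearch_0.3.3-1build1_all.deb`, and the Kibana tarball fetched with `wget -c` is unpacked under /usr/local with no checksum or signature check in between; only the Elasticsearch apt repository gets a key added. Add a step that checks a checksum or signature published alongside each download, or say explicitly that the reader is trusting the download as-is. Two smaller points: Elasticsearch is registered with `update-rc.d elasticsearch defaults 95 10` and started with no configuration step shown between install and start, and the Configuration section covers only syslog-ng and the Kibana index pattern, so the page should either show what restricts where Elasticsearch and Kibana listen or state that the host is assumed to sit on a trusted network; and in this rendering the body of `destination d_elastic { ... }`, the `@include` path and every URL are cut off, so the syslog-ng configuration cannot be reproduced from the page as shown.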