syslogngek [2015/10/21 16:24]
ian [ElasticSearch]
====== Syslog-ng / Elasticsearch / Kibana ======

Elasticsearch indexes all logs and makes them searchable.

Kibana provides a web interface to search the logs and to configure visualizations.

Syslog-ng can send logs directly to Elasticsearch, so the setup is like ELK without Logstash.

<note>
I am using Ubuntu 14.04 LTS Server.
</note>

====== Installation ======

===== Syslog-ng =====

Install syslog-ng; on Ubuntu this replaces rsyslog.

<code>
:~# aptitude install syslog-ng
</code>

<note tip>
Syslog-ng 3.7 has a native Elasticsearch destination. Ubuntu 14.04 ships syslog-ng 3.5, so we use a glue module instead.
</note>

Code:
[[https://bitbucket.org/snippets/iansamuel/LLEag]]

<code>
puppet apply /etc/puppet/manifests/syslog-ng-mod-elasticsearch.pp
</code>

===== Elasticsearch =====

Install Elasticsearch from the Elastic package repository:

https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html

Code: https://bitbucket.org/snippets/iansamuel/yqj5k

===== Kibana =====

https://www.elastic.co/downloads/kibana

<code>
:~# cd /usr/src

:/usr/src# wget -c https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz

:/usr/src# cd /usr/local/

:/usr/local# tar xvzf /usr/src/kibana-*gz

:/usr/local# ln -s kibana-4.1.2-linux-x64 kibana

# Ubuntu's /etc/rc.local ends with "exit 0", so the start line must go before it; appending with >> would put it after exit 0 and it would never run
:/usr/local# sed -i '/^exit 0/i /usr/local/kibana/bin/kibana | logger -t kibana &' /etc/rc.local

:/usr/local# /usr/local/kibana/bin/kibana | logger -t kibana &
</code>

<note>
Compare the downloaded archive against the checksum published on the Kibana download page before unpacking it. Started from rc.local like this, Kibana runs as root; it does not need to, so consider creating an unprivileged user for it and starting it as that user.
</note>

====== Configuration ======

===== Syslog-ng =====

**/etc/syslog-ng/conf.d/elasticsearch.conf**:
<code>
@include "scl/elasticsearch/plugin.conf"

destination d_elastic {
       elasticsearch(
         index("syslog-ng")
       );
};

log {
    source(s_src);
    destination(d_elastic);
    flags(flow-control);
};
</code>

Check the syntax first; a broken configuration would otherwise stop syslog-ng from reloading. Then reload:

<code>
:~# syslog-ng -s
:~# service syslog-ng reload
 * Reload system logging syslog-ng
</code>


===== Kibana =====

Visit your Kibana URL http://hostname:5601/

<note warning>
Neither Elasticsearch nor Kibana 4 authenticates clients out of the box, and both listen on all interfaces by default. Anyone who can reach port 9200 can read, write or delete every indexed log, and anyone who can reach port 5601 can read them. Bind both to localhost or firewall the ports, and put Kibana behind a reverse proxy that requires authentication before exposing it.
</note>

Set your index pattern to syslog-ng so that it matches the index() of the syslog-ng destination, and select the timestamp field written by the glue module as the time field.

Start by clicking on the //Discover// tab to verify that your syslog data is being captured and that its fields are categorized correctly.
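To see what the Discover tab is categorizing, here is an added example (not code from this page, from syslog-ng or from the glue module) that parses RFC 3164 syslog lines into the flat document shape Elasticsearch stores, builds the bulk request body that would deliver them into the syslog-ng index named in the destination above, and checks a Kibana index pattern against that index name. The field names (@timestamp, HOST, PROGRAM, PID, MESSAGE), the document type "syslog", the fixed year and the sample lines are assumptions; the real field names depend on the glue module's template.

```python
"""Added example, not code from the page, syslog-ng or the glue module: what a
syslog line looks like once it is indexed, and how the index name ties the
syslog-ng destination to the Kibana index pattern.

Assumptions (not stated on the page): documents are flat dicts keyed by
syslog-ng macro names, shipped with the Elasticsearch _bulk API under an assumed
document type "syslog", and RFC 3164 timestamps are completed with a fixed year.
"""
import fnmatch
import json
import re
from datetime import datetime

INDEX_NAME = "syslog-ng"   # must equal index("syslog-ng") in the destination

# Constructed sample input in syslog-ng's default file format:
# "<timestamp> <host> <program>[<pid>]: <message>"
SAMPLE_LINES = [
    "Oct 21 16:24:01 web01 sshd[1234]: Accepted publickey for ian from 10.0.0.5 port 51234 ssh2",
    "Oct 21 16:24:02 web01 kernel: [12345.678] usb 1-1: new high-speed USB device number 4",
    "Oct 21 16:24:03 db01 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
    "this line is not syslog at all",
]

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "   # "Oct 21 16:24:01" or "Oct  1 ..."
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "    # "sshd[1234]:" or "kernel:"
    r"(?P<message>.*)$"
)


def parse_line(line, year=2015):
    """Turn one RFC 3164 line into the assumed flat document, or None if it
    does not parse (so a caller can count what would be dropped)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year; syslog-ng fills in the current one.
    # Here the year is an assumed fixed value to keep the example deterministic.
    ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
    doc = {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S"),
        "HOST": m.group("host"),
        "PROGRAM": m.group("program"),
        "MESSAGE": m.group("message"),
    }
    if m.group("pid"):
        doc["PID"] = m.group("pid")
    return doc


def bulk_body(lines, index=INDEX_NAME, doc_type="syslog"):
    """Build an Elasticsearch _bulk body: an action line then a source line per
    document, each on its own line, newline-terminated. Unparseable lines are
    skipped; count_dropped() reports how many."""
    out = []
    for line in lines:
        doc = parse_line(line)
        if doc is None:
            continue
        out.append(json.dumps({"index": {"_index": index, "_type": doc_type}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n"


def count_dropped(lines):
    """How many input lines would never reach the index because they did not parse."""
    return sum(1 for line in lines if parse_line(line) is None)


def kibana_pattern_matches(pattern, index=INDEX_NAME):
    """Kibana index patterns use '*' as a wildcard: 'syslog-ng' matches only the
    index above, 'syslog-ng*' would also cover date-suffixed indices."""
    return fnmatch.fnmatchcase(index, pattern)


if __name__ == "__main__":
    print(bulk_body(SAMPLE_LINES), end="")
    print("dropped:", count_dropped(SAMPLE_LINES))
    for pattern in ("syslog-ng", "syslog-ng*", "logstash-*"):
        print(pattern, "->", kibana_pattern_matches(pattern))
```

The unparseable fourth line is deliberate: lines that do not match the parser silently never reach the index, which is the first thing to look for when Discover shows fewer events than the hosts are sending.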
  
syslogngek.txt · Last modified: 2020/02/13 22:55 (external edit)