<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class=""><div class=""><a href="https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=kibana dashboard template" class="">https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=kibana%20dashboard%20template</a></div></div><div class=""><br class=""></div><div class="">May have misspoke. Using ELK and patterndb.xml is new to me and I am still trying to learn the mechanics. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""> I started by looking at Google for Kibana dashboard templates, one of the better results here. </div><div class=""><a href="https://github.com/markwalkom/kibana-dashboards" class="">https://github.com/markwalkom/kibana-dashboards</a> Most of the kibana json templates I have seen on the net are setup for a logstash-* “index” ?. </div><div class=""><br class=""></div><div class="">I’m trying to set Syslog-ng-> ELK up in my “spare time” at work. So time and ease of setup and support community size are big considerations. I want to enable GeoIP for ASA data, NetFlow data and be able to leverage existing templates logstash or patterndb for common applications. Apache, Linux Syslog, Storage syslog, etc… </div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 20, 2016, at 2:13 PM, Scheidler, Balázs <<a href="mailto:balazs.scheidler@balabit.com" class="">balazs.scheidler@balabit.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><p dir="ltr" class="">Can you pls point me to the direction of the logstash material you mentioned? I would be interested in them whether it'd be possible to port them over.</p>
<div class="gmail_quote">On Apr 20, 2016 7:00 PM, "Scot Needy" <<a href="mailto:scotrn@gmail.com" class="">scotrn@gmail.com</a>> wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">Some thoughts on my deployment</div><div class=""><br class=""></div><div class=""><b class="">Logstash</b></div><div class="">I think I’m going to need to re-introduce logstash just to leverage the existing open source material of logstash filters and Kibana desktops. </div><div class="">VMware, ASA for example but wanted more real time data. I could probably do the realtime tags with pattendb. </div><div class=""> </div><div class=""><b class="">syslog-ng counters</b> </div><div class="">We use an IPAM API to create unique filters, log and destination conf files. The goal was to get unique syslog counters for every VLAN realtime directly from syslog-ng-ctl stats.. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">@include IPAM-filters</div><div class=""><div class="">filter f_192_168_252_0 { netmask(<a href="http://192.168.252.0/24);" target="_blank" class="">192.168.252.0/24);</a>};</div><div class="">filter f_192_168_253_0 { netmask(<a href="http://192.168.253.0/24);" target="_blank" class="">192.168.253.0/24);</a>};</div><div class="">filter f_192_168_254_0 { netmask(<a href="http://192.168.254.0/30);" target="_blank" class="">192.168.254.0/30);</a>};</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">@include IPAM-dest.conf</div><div class=""><div class="">destination d_192_168_252_0 { file(/opt/syslog-ng/logs/192_168_252_0/$YEAR$MONTH$DAY-$HOUR-$HOST.log);};</div><div class="">destination d_192_168_253_0 { file(/opt/syslog-ng/logs/192_168_253_0/$YEAR$MONTH$DAY-$HOUR-$HOST.log);};</div><div class="">destination d_192_168_254_0 { file(/opt/syslog-ng/logs/192_168_254_0/$YEAR$MONTH$DAY-$HOUR-$HOST.log);};</div></div><div class=""><br class=""></div><div class="">@include IPAM-log.conf</div><div class=""><div class="">log { source(s_net); filter(f_192_168_252_0); destination(d_192_168_252_0);};</div><div class="">log { source(s_net); filter(f_192_168_253_0); destination(d_192_168_253_0);};</div><div class="">log { source(s_net); filter(f_192_168_254_0); destination(d_192_168_254_0);};</div><div class="">log { source(s_net); filter(f_192_168_254_4); destination(d_192_168_254_4);};</div></div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Apr 20, 2016, at 11:18 AM, Scot Needy <<a href="mailto:scotrn@gmail.com" target="_blank" class="">scotrn@gmail.com</a>> wrote:</div><br class=""><div class=""><br class=""><br class="">Hi, <br class=""><br class=""> Does anyone have links or care to share notes on making a syslog-ng -> ELK scale for enterprise ? <br class=""><br class="">I have some ideas and will gladly share my solution but also don’t want to spend days figuring these things out that have already been built. <br class="">There are many ELK specific references but I also want to make sure the model fits the syslog workload. <br class=""><br class=""><br class="">Thanks <br class=""><br class=""></div></blockquote></div><br class=""></div><br class="">______________________________________________________________________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class="">
<br class="">
<br class=""></blockquote></div>
______________________________________________________________________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></body></html>