Just catching up on this thread. Most folks don't run into any problems with ELSA installs, but it depends on the environment. Generally, the installer works in almost all environments, especially if the server build is new. The install is unattended and takes about 20 minutes, so I encourage you to give it a shot. If you haven't seen it already, I've recently added shareable dashboards with very easy-to-create multi-data-series charts: http://ossectools.blogspot.com/2012/08/elsa-gets-dashboards.html . As always, if you run into any problems or have questions, hit us up on the ELSA list at http://groups.google.com/group/enterprise-log-search-and-archive .

On Thu, Aug 16, 2012 at 8:12 AM, Clayton Dukes <cdukes@gmail.com> wrote:
There are programs out there that will do all of this for you; some are even free. LogZilla has a small network edition that is free. There's a VMware image available that you can have up and running in just a few minutes. http://www.logzilla.pro/downloads
______________________________________________________________
Clayton Dukes
______________________________________________________________
On Thu, Aug 16, 2012 at 8:16 AM, James McDonald <jmcdonald@lce.com> wrote:
Thanks for the info. Do you know where I could find a list of tables, specific to syslog-ng, to populate the database with? I haven’t created the db yet, mainly because I’m not sure what tables are available for syslog info to populate.
From: Clayton Dukes [mailto:cdukes@gmail.com]
Sent: Wednesday, August 15, 2012 4:40 PM
To: James McDonald
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng with MySQL
Just send from all your remote syslog-ng boxes to a local syslog-ng receiver.
Then just use that local syslog-ng to send to mysql.
Here's an example of client and server configs in the LogZilla forums:
http://forum.logzilla.pro/index.php/topic,482.msg2468.html#msg2468
But basically, you just configure a destination in the client pointing to the syslog-ng server. (I recommend using tcp.)
Then, in the server, set the destination as mysql.
______________________________________________________________
Clayton Dukes
______________________________________________________________
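The client-to-receiver-to-MySQL layout described in the message above, as an added example that is not part of the original thread or of the LogZilla forum post it links to. The two files are shown in one block; the hostnames, account name, password, database and table names, and the `@version` value are placeholders to adapt.

```conf
# ---- client: syslog-ng.conf on each remote syslog-ng box ----
@version: 3.3    # assumption: set this to the version you actually run
source s_local { unix-stream("/dev/log"); internal(); };
# Forward everything to the central receiver over TCP.
# Plain tcp() is unencrypted, so keep it on a trusted network segment.
destination d_central { tcp("logserver.example.com" port(514)); };
log { source(s_local); destination(d_central); };

# ---- server: syslog-ng.conf on the central syslog-ng receiver ----
@version: 3.3    # assumption, as above
# Accept forwarded logs; cap connections so one noisy client cannot
# exhaust the listener.
source s_remote { tcp(ip(0.0.0.0) port(514) max-connections(100)); };
destination d_mysql {
    sql(
        type(mysql)
        host("db.example.com")                    # separate MySQL server (placeholder)
        username("syslog") password("CHANGE_ME")  # placeholder credentials
        database("syslog")
        table("logs")
        # The table layout is whatever you declare here: syslog-ng creates
        # the table and any missing columns itself if the account is
        # allowed to. There is no fixed, predefined schema to load.
        columns("datetime datetime", "host varchar(64)",
                "facility varchar(16)", "priority varchar(16)",
                "program varchar(64)", "message text")
        values("$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC", "$HOST",
               "$FACILITY", "$PRIORITY", "$PROGRAM", "$MSGONLY")
        indexes("datetime", "host", "program")
    );
};
log { source(s_remote); destination(d_mysql); };
```

The server's config file holds the database password, so keep it readable by root only and scope the MySQL account to the one logging database. The `sql()` driver with `type(mysql)` needs syslog-ng built with SQL support and the libdbi MySQL driver installed on the receiver.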
On Wed, Aug 15, 2012 at 12:24 PM, James McDonald <jmcdonald@lce.com> wrote:
Do you have syslog-NG sending logs to a separate MySQL server, or do you have MySQL installed on the same server as syslog-NG? Since we have multiple syslog-NG servers, we were trying to centralize everything on a MySQL server and then make that db searchable. I was hoping to get some direction on how to have everything sent to the MySQL db server. That’s my first hurdle.
From: Clayton Dukes [mailto:cdukes@gmail.com]
Sent: Wednesday, August 15, 2012 12:17 PM
To: James McDonald
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng with MySQL
It works fine on Redhat, but the Redhat repos have old versions of MySQL and PHP, so you need to manually download the binaries from MySQL and Zend.
______________________________________________________________
Clayton Dukes
______________________________________________________________
On Wed, Aug 15, 2012 at 12:12 PM, James McDonald <jmcdonald@lce.com> wrote:
We are using Red Hat for all of our Linux boxes. We update them monthly, but Red Hat was listed as a liability on the Logzilla website. Are you using Red Hat or Ubuntu?
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Clayton Dukes
Sent: Wednesday, August 15, 2012 11:35 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng with MySQL
You can also try LogZilla (http://www.logzilla.pro).
______________________________________________________________
Clayton Dukes
______________________________________________________________
On Wed, Aug 15, 2012 at 11:26 AM, James McDonald <jmcdonald@lce.com> wrote:
I read through the comments and it seems people are having problems with the install and/or getting queries to run. I currently have syslog-NG version 4.1 and MySQL version 5.5.25. Will the installer error out, since it’s based on older versions of those two programs?
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Erol Blakely
Sent: Wednesday, August 15, 2012 10:53 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng with MySQL
We are trying this out and so far it has been working nicely:
http://code.google.com/p/enterprise-log-search-and-archive/
On 2012-08-15, at 10:47 AM, James McDonald wrote:
Trying to incorporate a MySQL db (on a separate server) with my two syslog-ng servers, so that the logs can be searchable. Does anyone have any experience with this? Any tips or documentation would be helpful. I didn't find a whole lot on the Balabit website when I searched for it.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
--
Erol Blakely - erol@easydns.com
Systems Administrator
easyDNS Technologies Inc.