Hello Fabien,

I was running tcpdump on my syslog-ng server and was able to see the packets from 1.2.3.4, but my local logfile for UDP 514 didn't show any syslog from 1.2.3.4. Is there another configuration file that needs to be set up somewhere?

Thank you very much!
VL

-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of syslog-ng-request@lists.balabit.hu
Sent: 2019, April, 08 8:00 AM
To: syslog-ng@lists.balabit.hu
Subject: syslog-ng Digest, Vol 168, Issue 8

Today's Topics:

1. Re: WebGUI for Syslog-ng storing logs in HDFS (Lee Keng Ket)
2. Re: tcpdump shows device sending syslog from UDP 514 but not write to local log file (Fabien Wernli)

----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Apr 2019 14:24:09 +0800
From: Lee Keng Ket <kengket@gmail.com>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] WebGUI for Syslog-ng storing logs in HDFS
Message-ID: <CAHJFZ9edfAq2tKKfjYxNqFJrzjx-Yb77-BxFak4F+vCQDYWoWw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi, Peter
Thanks for your info, I will look into the link you shared. As HDFS has been decided on as the storage for the logs, I'm trying not to store another copy in ES.

Hi, Nik
What's the difference between this open-distro and the ES from elastic.co?

Thank you.

Regards, KK

On Fri, Apr 5, 2019 at 10:21 PM Nik Ambrosch <nik@ambrosch.com> wrote:
I was considering HDFS but ultimately chose ES because of simplicity. I too spent a while looking for a pre-packaged suite but most things are commercial.
I'd like to check this out sometime, just haven't had the opportunity - https://opendistro.github.io/for-elasticsearch/
On Fri, Apr 5, 2019 at 10:00 AM Czanik, Péter <peter.czanik@balabit.com> wrote:
Hi,
Many syslog-ng users store logs in Elasticsearch and search/analyze them using Kibana. Personally I have never tested it, but you should take a look at Elasticsearch-Hadoop to see if it solves your problem: https://www.elastic.co/products/hadoop
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik
On Fri, Apr 5, 2019 at 3:50 PM Lee Keng Ket <kengket@gmail.com> wrote:
Hi,
How about open source webGUI? Any recommendations?
Thank you.
Regards, KK
On Fri, 5 Apr 2019, 20:56 Jim Hendrick, <james.r.hendrick@gmail.com> wrote:
It's not free - but you might look at the Syslog Store Box - https://www.syslog-ng.com/products/log-management-appliance/
They have also done some cool stuff with a native splunk HEC destination in the professional edition of syslog-ng. Might look at using that and splunk for the front-end?
Jim
On Fri, Apr 5, 2019 at 2:38 AM Lee Keng Ket <kengket@gmail.com> wrote:
Hi,
I'm looking for a WebGUI application for users to search syslog, where the logs are stored by syslog-ng in HDFS.
Can you please share what WebGUI you're using?
I realize Elasticsearch with Kibana is the well-known solution for this; however, I wish to store my syslog in HDFS.
Thank you.
Regards, KK
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
------------------------------

Message: 2
Date: Mon, 8 Apr 2019 10:40:05 +0200
From: Fabien Wernli <wernli@in2p3.fr>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] tcpdump shows device sending syslog from UDP 514 but not write to local log file
Message-ID: <20190408084005.j4v2k5atrmcn6amp@ccfawe.in2p3.fr>
Content-Type: text/plain; charset=us-ascii

On Fri, Apr 05, 2019 at 03:46:37PM +0000, Lin, Victor wrote:
When I use "tcpdump src host 1.3.4.5 and port 514", I can see host 1.3.4.5 is sending syslog to my syslog-ng. But when I search my local log specifically for port 514, I don't see any syslog from 1.3.4.5.
firewall?

------------------------------

End of syslog-ng Digest, Vol 168, Issue 8
*****************************************
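For the symptom Victor describes and Fabien's one-word answer, here is an added example (not from the thread or from the syslog-ng project) of a minimal syslog-ng configuration that actually wires a UDP 514 source to a local file, together with the checks to run in order; the /var/log/remote path and the source/destination names are assumptions. tcpdump captures ingress packets before netfilter's INPUT chain, so a host firewall dropping udp/514 still lets tcpdump show the datagrams, which is why "firewall?" is the first thing to rule out.

```conf
# Added example: syslog-ng collector config for remote UDP syslog.
# Add the @version line matching your installed syslog-ng at the top.
#
# When tcpdump shows datagrams but nothing is written, check in this order:
#   1. Host firewall: tcpdump sees packets before netfilter's INPUT chain,
#      so a DROP rule for udp/514 does not hide them from tcpdump.
#   2. Is syslog-ng actually bound to udp/514?   ss -ulnp | grep ':514'
#   3. Is there a log path joining source to destination?  syslog-ng --syntax-only
#      (a source with no log {} statement receives packets and discards them)

source s_remote_udp {
    network(
        ip("0.0.0.0")        # listen on all interfaces; narrow to the
        port(514)            # collector's address if the host is multi-homed
        transport("udp")
    );
};

destination d_remote_file {
    # one directory per sending host (${HOST} is the source address unless
    # the device supplies a hostname), one file per day; assumed path
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
        create-dirs(yes)
    );
};

# Without this block the source above is never connected to the file.
log {
    source(s_remote_udp);
    destination(d_remote_file);
};
```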