Hi all, Me again :) ! Is there any other tool, free and open source, that can show me the logs in some kind of graphs and can make some triggers etc., like LogAnalyzer? I want to change LogAnalyzer and try other, different web interfaces etc. Any suggestions?

I see Elasticsearch or Kibana but, as I see it now, they use some different protocols and styles (I still can't understand how it is working) and I'm not sure if I can integrate them with syslog-ng, but also I need a free tool :( .

As I'm using syslog-ng with MongoDB, all I need is something that can present all these logs, has options for sending e-mails if we have a disaster or something, and can query all these logs fast.

LogAnalyzer is ok but I want to see different styles.

Thanks in advance!
Ivan
Hi,

This project is not actively developed, but was written by a former syslog-ng developer for visualizing logs in MongoDB: https://github.com/algernon/mojology

On Thu, May 26, 2016 at 9:56 AM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
> Hi all, Me again :) ! Is there any other tool, free and open source, that can show me the logs in some kind of graphs and can make some triggers etc., like LogAnalyzer? I want to change LogAnalyzer and try other, different web interfaces etc. Any suggestions?
> I see Elasticsearch or Kibana but, as I see it now, they use some different protocols and styles (I still can't understand how it is working) and I'm not sure if I can integrate them with syslog-ng, but also I need a free tool :( .
> As I'm using syslog-ng with MongoDB, all I need is something that can present all these logs, has options for sending e-mails if we have a disaster or something, and can query all these logs fast.
> LogAnalyzer is ok but I want to see different styles.
> Thanks in advance!
> Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Fekete,

This is ok but I really need something that is not EOL. I need this for production and it will have to deal with heavy load. LogAnalyzer is ok but as I'm going to put in more than 50-100 servers I don't think it will have the capacity for all that to be presented and queried if I need it.

Ivan

On 05/26/2016 10:02 AM, Fekete, Róbert wrote:
> Hi,
> This project is not actively developed, but was written by a former syslog-ng developer for visualizing logs in MongoDB: https://github.com/algernon/mojology
On Thu, May 26, 2016 at 10:16:16AM +0200, Ivan Adji - Krstev wrote:
> This is ok but I really need something that is not EOL. I need this for production and it will have to deal with heavy load. LogAnalyzer is ok but as I'm going to put in more than 50-100 servers I don't think it will have the capacity for all that to be presented and queried if I need it.

You may not like Kibana/ES, but it's your best bet right now. You can send logs directly to ES using syslog-ng since version 3.7.x. I'd be happy to assist you in case of deployment problems.
But I have to pay for Kibana? Plus I don't get the point of Elasticsearch.

Ivan

On 05/26/2016 10:35 AM, Fabien Wernli wrote:
> You may not like Kibana/ES, but it's your best bet right now. You can send logs directly to ES using syslog-ng since version 3.7.x. I'd be happy to assist you in case of deployment problems.
On Thu, May 26, 2016 at 10:45:56AM +0200, Ivan Adji - Krstev wrote:
> But I have to pay for Kibana? Plus I don't get the point of Elasticsearch.

No, Kibana is open source, just like ES.
OK, so the way it is going is the following... syslog-ng gets the logs and stores them in MongoDB, then Kibana presents them. And what is the purpose of ES in the story?

On 05/26/2016 10:56 AM, Fabien Wernli wrote:
> No, Kibana is open source, just like ES.
On Thu, May 26, 2016 at 10:58:54AM +0200, Ivan Adji - Krstev wrote:
> OK, so the way it is going is the following... syslog-ng gets the logs and stores them in MongoDB, then Kibana presents them. And what is the purpose of ES in the story?

Kibana only works using the ES backend. So if MongoDB is a *requirement*, then forget about Kibana :) But if you *can* replace MongoDB by something else, well, then you can replace it by ES.
OK, let's do this :) ... This is my scenario: I'm using syslog-ng with a self-signed certificate, and then they are stored or processed or what? in ES, and Kibana represents them, right? Sorry for all these noob questions, but it's the first time I'm dealing with ES :)

On 05/26/2016 11:09 AM, Fabien Wernli wrote:
> Kibana only works using the ES backend. So if MongoDB is a *requirement*, then forget about Kibana :) But if you *can* replace MongoDB by something else, well, then you can replace it by ES.
On Thu, May 26, 2016 at 11:12:28AM +0200, Ivan Adji - Krstev wrote:
> OK, let's do this :) ... This is my scenario: I'm using syslog-ng with a self-signed certificate, and then they are stored or processed or what? in ES, and Kibana represents them, right?

Can you rephrase your question please? I didn't understand it.
I would like to know how things will work.

From what I have understood for now, ES is some kind of PatternDB? Or some kind of NoSQL? And the scenario will be: syslog-ng will send the logs to PatternDB and they will be stored into ES, and Kibana is the one that will represent them?

And what will be the steps and configurations for syslog-ng?

Ivan

On 05/26/2016 12:17 PM, Fabien Wernli wrote:
> Can you rephrase your question please? I didn't understand it.
On Thu, May 26, 2016 at 12:51:45PM +0200, Ivan Adji - Krstev wrote:
> From what I have understood for now, ES is some kind of PatternDB? Or some kind of NoSQL? And the scenario will be: syslog-ng will send the logs to PatternDB and they will be stored into ES, and Kibana is the one that will represent them?

From syslog-ng's point of view, patterndb is a parser and elasticsearch or elasticsearch2 is a destination driver.
So ES is "some kind of NoSQL", to cite you. And Kibana is just a GUI which will interact with ES' API.

> And what will be the steps and configurations for syslog-ng?

Reading the official documentation would be a good start: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So I have installed syslog-ng and Elasticsearch... can you give me some syslog-ng configuration to send these logs to Elasticsearch? For now I have the following:

    source s_sys {
        system();      # local system logs
        internal();    # syslog-ng's own messages
        # RFC 5424 syslog over TLS on the IANA-assigned port 6514
        network(
            ip("0.0.0.0") port(6514)
            flags(syslog-protocol)
            transport("tls")
            tls(
                key_file("/etc/syslog-ng/cert.d/serverkey.pem")
                cert_file("/etc/syslog-ng/cert.d/servercert.pem")
                ca_dir("/etc/syslog-ng/ca.d")   # CA certificates used to verify client certificates (hash-named files)
            )
        );
    };

Everything else is default....

Ivan

On 05/26/2016 01:34 PM, Fabien Wernli wrote:
> From syslog-ng's point of view, patterndb is a parser and elasticsearch or elasticsearch2 is a destination driver.
> So ES is "some kind of NoSQL", to cite you. And Kibana is just a GUI which will interact with ES' API.
> Reading the official documentation would be a good start:
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
On Thu, May 26, 2016 at 03:16:24PM +0200, Ivan Adji - Krstev wrote:
> So I have installed syslog-ng and Elasticsearch... can you give me some syslog-ng configuration to send these logs to Elasticsearch?

As I said, there is a fair amount of information in the official documentation; please read it first before asking for help.
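The pipeline Fabien describes earlier in the thread (syslog-ng receives over TLS, the elasticsearch2() destination driver indexes each message into Elasticsearch, Kibana reads the ES API), carried through as one complete syslog-ng configuration that also answers Ivan's last question. This is an added example by the editor, not a configuration posted in the thread and not taken from the syslog-ng project or its documentation. It assumes syslog-ng OSE 3.8 or later with the Java-based elasticsearch2() driver and its jars available under client_lib_dir(), an Elasticsearch node reachable over HTTP on 127.0.0.1:9200, the cluster name "syslog-ng" set in elasticsearch.yml, and the certificate paths from Ivan's source definition; the option set and the index naming should be checked against the driver documentation for the installed version.

```conf
@version: 3.8

# Accept RFC 5424 syslog over TLS on 6514 (Ivan's source, with peer
# verification spelled out). peer_verify(required-trusted) means every client
# must present a certificate chaining to a CA in ca_dir(); the files in that
# directory must be hash-named (c_rehash) or OpenSSL will not find them.
source s_tls {
    network(
        ip("0.0.0.0") port(6514)
        transport("tls")
        flags(syslog-protocol)
        tls(
            key_file("/etc/syslog-ng/cert.d/serverkey.pem")
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)
        )
    );
};

# Index into Elasticsearch with the elasticsearch2() driver in HTTP mode.
# Index-per-day keeps retention a matter of deleting old indices and is the
# layout Kibana's index-pattern wildcard expects.
destination d_elastic {
    elasticsearch2(
        client_mode("http")
        cluster("syslog-ng")                 # assumed cluster.name from elasticsearch.yml
        server("127.0.0.1")
        port("9200")
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        client_lib_dir("/usr/share/elasticsearch/lib")   # assumed location of the ES client jars
        # One JSON document per message: the RFC 5424 fields plus any parsed
        # name-value pairs; @timestamp is the field Kibana uses as the time axis.
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs --exclude DATE @timestamp=${ISODATE})")
    );
};

log { source(s_tls); destination(d_elastic); };
```

After restarting syslog-ng, create the index pattern syslog-ng_* in Kibana with @timestamp as the time field. Two caveats worth knowing before putting this in front of 50-100 servers: the TLS listener is the only authenticated hop here, since the open-source Elasticsearch and Kibana of this era ship without authentication, so keep ports 9200 and 5601 bound to localhost or behind an authenticating reverse proxy; and a syslog-ng restart with a wrong client_lib_dir() leaves the destination unable to start, which the internal() source (kept in Ivan's own config) will report.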
participants (3)
- Fabien Wernli
- Fekete, Róbert
- Ivan Adji - Krstev