I am looking for some detailed howtos on writing my own filters. I am trying to dump syslog-ng logs / data into Splunk, but want to filter only that which I need to index into Splunk. If anyone has any good howtos or has worked with Splunk before, I would certainly be open to any ideas or input they might have on the topic.

Thanks
cb
When I was working with Splunk, I found it was easiest to use a FIFO. Set up a log path in syslog-ng with an appropriate set of filter statements, with the destination set to a FIFO. Splunk has a method built in to read from a FIFO, which I found to be much tidier and more efficient than having Splunk tail files.

Paul Krizak
Advanced Micro Devices
Linux/Unix Systems Engineering
Silicon Design Division
5900 E. Ben White Blvd. MS 625
Austin, TX 78741
Phone: (512) 602-8775
Cell: (512) 791-0686

Corey Bobb wrote:
> I am looking for some detailed howtos on writing my own filters. I am trying to dump syslog-ng logs / data into Splunk, but want to filter only that which I need to index into Splunk. If anyone has any good howtos or has worked with Splunk before, I would certainly be open to any ideas or input they might have on the topic.
>
> Thanks
> cb
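A worked syslog-ng configuration implementing the FIFO approach described above, written as an added example that is not from either poster: the source ports, filter names, paths and the Splunk inputs.conf stanza are assumptions (verify the fifo:// stanza against the inputs.conf spec of your Splunk version).

```conf
# /etc/syslog-ng/syslog-ng.conf (added example; paths and names are assumptions)
# Goal: hand Splunk only the events worth indexing, while the complete
# stream still lands on disk so aggressive filtering cannot lose evidence.

source s_net {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514) max_connections(100));
};

# Everything, unfiltered, to a plain file: the safety copy.
destination d_all { file("/var/log/remote/all.log"); };
log { source(s_net); destination(d_all); };

# What Splunk should index: authentication events plus anything at
# warning severity or above, minus known noise such as cron chatter.
filter f_auth   { facility(auth, authpriv); };
filter f_warn   { level(warning..emerg); };
filter f_noise  { program("cron"); };
filter f_splunk { (filter(f_auth) or filter(f_warn)) and not filter(f_noise); };

# Named-pipe destination. syslog-ng does not create the FIFO; create it once
# before starting:  mkfifo -m 0640 /var/spool/syslog-ng/splunk.fifo
# Caveat: a FIFO with no reader blocks. Once this destination's queue
# (log_fifo_size) is full, messages for it are dropped, or, if flow-control
# is enabled on the source, the whole source is held back. d_all above is
# the fallback either way.
destination d_splunk_fifo { pipe("/var/spool/syslog-ng/splunk.fifo"); };

log { source(s_net); filter(f_splunk); destination(d_splunk_fifo); };

# $SPLUNK_HOME/etc/system/local/inputs.conf (Splunk side; assumed stanza form,
# check it against your Splunk version's inputs.conf documentation)
[fifo:///var/spool/syslog-ng/splunk.fifo]
sourcetype = syslog
index = main
```

Run `syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf` to syntax-check the configuration, and confirm the filter does what you expect by comparing line counts between all.log and what Splunk indexes before cutting over.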
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html