[syslog-ng] Monitoring log traffic

László Pál vlad at vlad.hu
Fri Oct 18 14:28:29 UTC 2019


Hi,

My shiny new log infrastructure is almost complete, however I still have some maintenance-type work to do, so I asked myself, why not ask the community? :)

So, it is basically just a server to store logs from various places as usual, however I would like to implement some anomaly detection. I mean, if some log sources are sending significantly less or more logs a day. Do you think there is an easy solution for this?

If needed, I also have a Graylog instance to index logs, so I'm already thinking of implementing some kind of alerting there, however obviously I'm not sending everything to Graylog, just what users need to search, so I'm thinking about something I can put on the syslog-ng server and relays to detect anomalies.

Any thoughts?

Thanks
Laszlo
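One way to do the per-source volume check the post asks about, added here as example code rather than anything from the thread or the syslog-ng project: it parses the `src.host` counters from `syslog-ng-ctl stats` output (the semicolon-separated `SourceName;SourceId;SourceInstance;State;Type;Number` layout is assumed and should be checked against the local version), then compares each host's daily volume with its own history using a median/MAD score, so a single noisy day does not skew the baseline. The stats snapshot, host names, seven-day history and the 3.5 threshold are all constructed for the example.

```python
"""Flag log sources whose daily volume deviates sharply from their own history.
Added example; stats line format and all sample data are assumptions, not from the thread."""
from statistics import median

def parse_stats(text):
    """Return {host: processed_count} from `syslog-ng-ctl stats` output (format assumed).
    Counters are cumulative since start-up: subtract yesterday's snapshot for a daily figure."""
    counts = {}
    for line in text.strip().splitlines()[1:]:          # skip the header row
        name, _sid, instance, _state, kind, number = line.split(";")
        if name == "src.host" and kind == "processed":  # per-sending-host counters only
            counts[instance] = int(number)
    return counts

def robust_score(history, today):
    """Modified z-score: how many MADs today's count is from the historical median."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or max(med * 0.1, 1.0)  # floor: flat history
    return 0.6745 * (today - med) / mad

def find_anomalies(history, today, threshold=3.5):
    """history: {host: [daily counts]}, today: {host: count}. Returns [(host, verdict, score)]."""
    findings = []
    for host, past in history.items():
        count = today.get(host, 0)                       # a host missing today sent nothing
        score = robust_score(past, count)
        if count == 0:
            findings.append((host, "silent", score))     # gone quiet: relay down or muted?
        elif abs(score) >= threshold:
            findings.append((host, "spike" if score > 0 else "drop", score))
    for host in today.keys() - history.keys():
        findings.append((host, "new-source", float("inf")))  # never seen before
    return sorted(findings)

# Constructed snapshot (already differenced to one day) and constructed seven-day history.
SAMPLE_STATS = """SourceName;SourceId;SourceInstance;State;Type;Number
src.host;;web01;a;processed;51000
src.host;;web01;a;stamp;1571408909
src.host;;db01;a;processed;180
src.host;;fw01;a;processed;0
src.host;;newbox;a;processed;90
center;;received;a;processed;51270
"""
HISTORY = {
    "web01": [48000, 50500, 49200, 51000, 49800, 50100, 49500],
    "db01": [2100, 1980, 2050, 2200, 2010, 1990, 2100],
    "fw01": [800, 820, 790, 810, 805, 815, 795],
}

if __name__ == "__main__":
    for host, verdict, score in find_anomalies(HISTORY, parse_stats(SAMPLE_STATS)):
        print(f"{host:8s} {verdict:11s} score={score:.1f}")
```

Run it from cron on each server or relay with the previous day's snapshot persisted to disk, and forward the findings as a syslog message so the alert itself travels the existing pipeline.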
