LinuxQuestions.org
Old 08-04-2014, 10:21 PM   #1
tranphat
Member
 
Registered: Dec 2013
Posts: 57

Rep: Reputation: Disabled
Central logging Server


Hi all,

I am planning to build a central logging server to collect the log files from Linux machines, Tomcat, Apache, ... Could you please suggest some useful tools?

I intend to install it on a Linux system, and other systems and applications will forward their logs to the central log server.

Regards,

Phat
 
Old 08-04-2014, 10:30 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,808

Rep: Reputation: 604
rsyslog?
 
Old 08-04-2014, 10:36 PM   #3
tranphat
Member
 
Registered: Dec 2013
Posts: 57

Original Poster
Rep: Reputation: Disabled
Hi AlucardZero,

I know rsyslog but I want to have a web interface for visual viewing. Do you have another suggestion?
 
Old 08-05-2014, 10:20 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,916

Rep: Reputation: 3689
Quote:
Originally Posted by tranphat
Hi AlucardZero,
I know rsyslog but I want to have a web interface for visual viewing. Do you have another suggestion?
A "central logging server" is either rsyslog or syslog-ng. What you're asking for is a log VIEWING application. Check out Splunk...it, like SuSE Enterprise, is a commercial, PAY FOR product.
 
Old 08-05-2014, 10:57 AM   #5
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,774
Blog Entries: 1

Rep: Reputation: 1339
Graylog2 is a great free Splunk alternative. Graylog2 is a 'log management' server, whereas rsyslog and syslog-ng are logging daemons. You also need a log shipper and a database.

I use a combination of Logstash, Elasticsearch, Kibana and Graylog2.

Logstash grabs the logs, converts them to JSON, stores them in Elasticsearch. And Graylog2 allows searching, trending and so on of the Elasticsearch cluster data.

Here is a breakdown of the pieces themselves: http://boardstretcher.github.io/blog...g-and-logging/

Last edited by szboardstretcher; 08-05-2014 at 11:00 AM.
 
Old 08-05-2014, 11:04 AM   #6
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968
Quote:
Originally Posted by szboardstretcher
Logstash, Elasticsearch, Kibana
What? No Lumberjack?
http://blog.basefarm.com/blog/how-to...rface-on-rhel/
http://edgeofsanity.net/article/2012...-software.html
http://jpmens.net/2012/08/06/my-logs...raylog2-notes/
 
Old 08-05-2014, 11:21 AM   #7
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,774
Blog Entries: 1

Rep: Reputation: 1339
Nah. Not in this setup.

Nice links though.
 
Old 08-06-2014, 09:56 AM   #8
tranphat
Member
 
Registered: Dec 2013
Posts: 57

Original Poster
Rep: Reputation: Disabled
Hello szboardstretcher,

I'm trying with Graylog2

Hello Habitual,

Is Lumberjack the name of a logging application like Graylog2?

Last edited by tranphat; 08-06-2014 at 09:57 AM. Reason: Add
 
Old 08-06-2014, 10:10 AM   #9
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,774
Blog Entries: 1

Rep: Reputation: 1339
Lumberjack is the protocol name now. Logstash-forwarder is the new program name.

https://github.com/elasticsearch/logstash-forwarder
 
Old 08-06-2014, 11:11 AM   #10
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968
Quote:
Originally Posted by szboardstretcher
Nah. Not in this setup.
I have yet to try it myself.
 
Old 08-06-2014, 11:16 AM   #11
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,774
Blog Entries: 1

Rep: Reputation: 1339
In the environment I am in, I already had rsyslog available, so there was no reason to use Logstash to send to Logstash. Rsyslog is already able to write directly to ElasticSearch.

I do LOVE logstash though. The ability to take logs in and transform them into something useful is awesome. Here is one of the configs I use for Logstash:

https://gist.github.com/boardstretch...d36e0bf876bda6

Remember though, Lumberjack is just the protocol Logstash uses to talk to Logstash. The actual program is called logstash-forwarder now.
 
1 members found this post helpful.
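Added example, not code from any poster in this thread: a minimal Python sketch of the step the thread describes, where a shipper turns syslog lines into JSON and stores them in Elasticsearch. It assumes the traditional syslog file layout; the field names, the index name and the sample lines are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Traditional syslog file layout: "Mmm dd hh:mm:ss host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

# Constructed sample input. The first message carries text shaped like JSON
# fields; the third line is not in syslog format at all.
SAMPLE = [
    'Aug  5 10:57:01 web01 sshd[2211]: Invalid user "x","host":"forged" from 192.0.2.10',
    "Aug  5 10:57:03 web01 CRON[2290]: (root) CMD (run-parts /etc/cron.hourly)",
    "-- MARK --",
]


def parse_syslog_line(line, year):
    """Return one log line as a dict of named fields, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # This layout has no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    doc = {"@timestamp": ts.isoformat(), "host": m["host"],
           "program": m["program"], "message": m["message"]}
    if m["pid"]:
        doc["pid"] = int(m["pid"])
    return doc


def to_bulk_body(lines, index, year):
    """Build an Elasticsearch _bulk body: one action line, then one document line."""
    out, skipped = [], 0
    for line in lines:
        doc = parse_syslog_line(line, year)
        if doc is None:
            skipped += 1  # count unparsed lines so dropped input is visible
            continue
        out.append(json.dumps({"index": {"_index": index}}))
        # json.dumps escapes quotes and control characters inside the message,
        # so log text cannot add or overwrite fields in the stored document.
        out.append(json.dumps(doc))
    return "".join(row + "\n" for row in out), skipped
```

Building the document with a JSON serializer rather than string concatenation is what keeps the `host` field of the first sample line equal to `web01` even though the message contains `"host":"forged"`.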
  


All times are GMT -5.