Central logging Server

tranphat · 08-04-2014, 09:21 PM

Hi all,

I am planning to build on Central logging server to collect the log files from Linux machine, Tomcat, Apache, ... Could you please help to suggest me some useful tools?

I suppose to install on Linux System. And other systems, applications forward logs to Central log server.

Regards,

Phat

AlucardZero · 08-04-2014, 09:30 PM

rsyslog?

tranphat · 08-04-2014, 09:36 PM

Hi AlucardZero,

I know rsyslog but I want to have a web interface for visual viewing. Could you have other suggestion?

TB0ne · 08-05-2014, 09:20 AM

Quote:

Originally Posted by tranphat

Hi AlucardZero,
I know rsyslog but I want to have a web interface for visual viewing. Could you have other suggestion?

A "central logging server" is either rsyslog or syslog-ng. What you're asking for is a log VIEWING application. Check out Splunk...it, like SuSE Enterprise, is a commercial, PAY FOR product.

szboardstretcher · 08-05-2014, 09:57 AM

Graylog2 is a great free splunk alternative. Graylog2 is a 'log management' server, whereas rsyslog and syslog-ng are logging daemons. You also need a log shipper and an database.

I use a combination of Logstash, Elasticsearch, Kibana and Graylog2.

Logstash grabs the logs, converts them to JSON, stores them in Elasticsearch. And Graylog2 allows searching, trending and so on of the Elasticsearch cluster data.

Here is a breakdown of the pieces themselves: http://boardstretcher.github.io/blog...g-and-logging/

Habitual · 08-05-2014, 10:04 AM

Quote:

Originally Posted by szboardstretcher

Logstash, Elasticsearch, Kibana

What? No Lumberjack?

http://blog.basefarm.com/blog/how-to...rface-on-rhel/
http://edgeofsanity.net/article/2012...-software.html
http://jpmens.net/2012/08/06/my-logs...raylog2-notes/

szboardstretcher · 08-05-2014, 10:21 AM

Nah. Not in this setup.

Nice links though.

tranphat · 08-06-2014, 08:56 AM

Hello szboardstretcher,

I'm trying with Graylog2

Hello Habitual,

lumberjack is the name of logging application like Graylog2?

szboardstretcher · 08-06-2014, 09:10 AM

Lumberjack is the protocol name now. Logstash-forwarder is the new program name.

https://github.com/elasticsearch/logstash-forwarder

Habitual · 08-06-2014, 10:11 AM

Quote:

Originally Posted by szboardstretcher

Nah. Not in this setup.

I have yet to try it myself.

szboardstretcher · 08-06-2014, 10:16 AM

In the environment I am in, I already had rsyslog available, so there was no reason to use Logstash to send to Logstash. Rsyslog is already able to write directly to ElasticSearch.

I do LOVE logstash though. The ability to take logs in and transform them into something useful is awesome. Here is one of the configs I use for Logstash:

https://gist.github.com/boardstretch...d36e0bf876bda6

Remember though, Lumberjack is just the protocol Logstash uses to talk to Logstash. The actual program is called logstash-forwarder now.