Parsing Syslog and Acting on it, using other input too
Charles N Wyble
charles-lists at knownelement.com
Thu Aug 29 17:14:40 UTC 2013
Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2 is very cool. Tried kibana and didn't care for it.
Actually setting up graylog2 right now to do AD authentication.
So workflow is
End device -> syslog-ng vm -> graylog2/elasticsearch vm and other destinations (IT corp security cloud for stuff they want to track, observium for anything matching my network gear hostname pattern, etc).
I have the middle syslog-ng box so I can have great control over where certain hosts ultimately send data. However, that system can be used in any template; if I don't filter it, it just gets dumped to graylog.
Kevin Stone <kstone at inetlabs.net> wrote:
>Look at Logstash, http://logstash.net.
>Rsyslog can do a bit, on Windows you could look at the Solarwinds Kiwi
>On Thu, Aug 29, 2013 at 9:10 AM, Jason Biel <jason at biel-tech.com>
>> You should look into SPLUNK (http://www.splunk.com/), it will
>> your syslog data and you can run customized reports and then act on
>> On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel <karim.adel at gmail.com>
>> > Hello.
>> > I am looking for a way to do proactive monitoring of my network,
>> > specifically thinking about is receiving syslog msgs from the
>> > the backend engine would correlate certain msgs with output/data
>> > receiving through SSH/telnet sessions. What I am after is not
>> > SNMP so i need to do it on my own.
>> > I am sure there are many tools that can do parsing of syslog and
>> > upon it but I wonder if there is something more flexible out there
>> > can just re-use to do the above ? Please point me to known public
>> > home-grown scripts in use to achieve this.
>> > Regards,
>> > Sam
Sent from my Android device with K-9 Mail. Please excuse my brevity.
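The fan-out described above (end device -> syslog-ng -> Graylog, plus side destinations chosen by hostname pattern or message content) can be expressed as a syslog-ng configuration. The block below is an added example written for this archive page, not Charles's actual config or anything shipped by the syslog-ng or Graylog projects. All hostnames (graylog.example.com, observium.example.com, corpsec.example.com), the `rtr-`/`sw-` hostname pattern, the message patterns and the ports are assumptions; the Graylog syslog input port in particular is whatever the input was created with on the Graylog side.

```conf
@version: 3.8
@include "scl.conf"

# Accept syslog from end devices on the syslog-ng relay (UDP and TCP 514).
source s_devices {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Assumed network-gear naming scheme, e.g. rtr-core01 or sw-edge02.
# Only hosts matching this regex are copied to Observium.
filter f_netgear {
    host("^(rtr|sw)-[a-z0-9]+$" type(pcre) flags("ignore-case"));
};

# Assumed message patterns the security team wants to track:
# authentication failures and configuration changes.
filter f_security {
    message("(authentication failure|Failed password|CONFIG_I)" type(pcre));
};

# Graylog syslog TCP input (port assumed; set to match the Graylog input).
destination d_graylog {
    network("graylog.example.com" port(514) transport("tcp"));
};

# Observium syslog collector (hostname and port assumed).
destination d_observium {
    network("observium.example.com" port(514) transport("udp"));
};

# Security team's collector, over TLS so credentials in log lines
# do not cross the network in clear text (hostname and CA path assumed).
destination d_corpsec {
    network("corpsec.example.com" port(6514) transport("tls")
        tls(ca-dir("/etc/syslog-ng/ca.d") peer-verify(required-trusted))
    );
};

# Network gear only -> Observium.
log { source(s_devices); filter(f_netgear); destination(d_observium); };

# Security-relevant messages from any host -> security collector.
log { source(s_devices); filter(f_security); destination(d_corpsec); };

# Everything, filtered or not, also lands in Graylog.
log { source(s_devices); destination(d_graylog); };
```

Each `log {}` statement is evaluated independently, so a message from a router that also matches `f_security` is delivered to all three destinations; the unfiltered last path is what gives the "if I don't filter it, it just gets dumped to graylog" behaviour. Keeping the routing decisions on the relay means a device only ever needs to know one syslog target, and adding or removing a downstream consumer is a change on one box rather than on every end device.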