SysLog Forwarding for XenServer
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
 @travisdh1 said in SysLog Forwarding for XenServer:
 For my XenServer (still 6.5), I actually started up the XenCenter app. Right click on the server -> properties -> click log destination on left -> click remote on right and enter the rsyslog server IP.
 Which I've done that, but where on the syslog VM would I actually see the logs being created? What should I modify in the /var/lib/syslog.conf file on XenServer?
 By default, everything goes in /var/log/messages. If you want to find things for just one host name
 sudo cat /var/log/messages | grep 'hostname'
 I'm now understanding why @scottalanmiller likes binary logs instead of ASCII. That messages file grows quickly.
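
The host-name filter from the post above, done as an exact match on the host field instead of a substring search over the whole line. This is an added example, not part of the original thread; it assumes traditional syslog lines where the sending host is the fourth whitespace-separated field, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: filter a syslog file by sending host.
# Assumed line format: "Mon DD HH:MM:SS host tag: message" (host = field 4).

# Print only the lines whose host field equals $2 exactly.
# A plain grep for the name would also match longer host names and
# any message text that merely mentions the name.
host_lines() {
    awk -v h="$2" '$4 == h' "$1"
}

# Print "count host" for every sending host, busiest first.
# Useful for spotting which forwarder is filling the messages file.
host_counts() {
    awk '{ n[$4]++ } END { for (h in n) print n[h], h }' "$1" | sort -rn
}

# Constructed sample input standing in for /var/log/messages.
make_sample() {
    cat > "$1" <<'EOF'
Jun  3 10:15:01 xen1 xapi: [info] session created
Jun  3 10:15:02 xen10 xapi: [info] session created
Jun  3 10:15:03 logvm sshd[812]: Accepted publickey for admin from xen1
Jun  3 10:15:04 xen1 xenopsd: [debug] VM state refreshed
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
echo "Lines sent by xen1:"
host_lines "$sample" xen1
echo "Lines per host:"
host_counts "$sample"
rm -f "$sample"
```

On the real file, call `host_lines /var/log/messages <hostname>` with sudo if the file is not world-readable.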
- 
 @travisdh1 That does show a lot of information, which is scrolling very quickly! I guess it works 
- 
 So if that works, then I need to set up an easy way to view these messages... Is Splunk the go-to solution for this? 
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
 So if that works, then I need to set up an easy way to view these messages... Is Splunk the go-to solution for this?
 I used Splunk because it is free and easy. (For me.) I tried setting up a few other things, and gave up. (Like loggly.) I want to get back to other logging stuff some day, but it works for me. 
- 
 Splunk is free only for very small sizes. Once your logs grow or you have more than a few servers you normally overrun the free part. 
- 
 So what would be a good aggregation tool to be able to view the logs? If Splunk stops at a tiny level..... I won't bother with it. 
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
 So what would be a good aggregation tool to be able to view the logs? If Splunk stops at a tiny level..... I won't bother with it.
 500MB per day. 
- 
 @BRRABill said in SysLog Forwarding for XenServer:
 @DustinB3403 said in SysLog Forwarding for XenServer:
 So what would be a good aggregation tool to be able to view the logs? If Splunk stops at a tiny level..... I won't bother with it.
 500MB per day.
 yeah that's worthless...... 
- 
 @DustinB3403 said
 yeah that's worthless......
 You'll want to avoid logg.ly before someone recommends it, then. That is 200MB per day. 
- 
 So ELK/Logstash then? Wasn't there a post around here by Scott on how to set this up? 
- 
 Has anyone set up syslog with ELK (with Elasticsearch 2.3 or greater) and Kibana? 
- 
 @DustinB3403 Maybe one of these? 
- 
 @Danp said in SysLog Forwarding for XenServer:
 @DustinB3403 Maybe one of these?
 I was actually just looking at that and Kibana... I'm trying to determine if I can run it locally or if I need a DO account to do it... 
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
 Has anyone set up syslog with ELK (with Elasticsearch 2.3 or greater) and Kibana?
 I'm pretty sure my walkthrough covers that. 
- 
 @scottalanmiller This one, correct? 
- 
 Let me know how it goes. I'd love to install another free server around here. TAKE THAT MICROSOFT! 
- 
 I'm getting stuck at ./load.sh with
 Loading dashboards to http://localhost:9200 in .kibana
 Loading search Cache-transactions:
 curl: (7) Failed connect to localhost:9200; Connection timed out
- 
 You know if I wasn't tired I would've noticed that @scottalanmiller made that a bash file....... 




