SysLog Forwarding for XenServer
-
No. Get ELK up first.
-
@scottalanmiller Ok will follow your guide first, and then work on the Elk info.
-
Yeah. That way you know it is working before you make other changes.
-
So for everyone looking to do this,
And then (and @scottalanmiller I'm asking for confirmation) perform what I posted in the OP.
Correct?
-
So on a brand new installation of Centos7 after completing Elk on Cent and then progressing to https://mangolassi.it/topic/8308/configuring-logstash-and-filebeat-to-send-to-elk-logging-system
I get this...
-
Same thing with sudo
-
What is missing from the second script is
curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.2.3-x86_64.rpm sudo rpm -vi filebeat-1.2.3-x86_64.rpm
-
So I'm still stumped here....
-
Hrm, so I have a clean installation and when I go to the Elk/Logstash Web url I get a login prompt...
But I haven't the slightest idea of what the username password is.
Trying "kibana" and "changeme" results in the prompt asking for credentials again...
-
And I'm in.
Now to setup XenServer to send stuff to Kibana.
-
OK So I'm in, and apparently logs are getting sent to this VM.... now how do I see them... lol....
So much to learn...
-
@DustinB3403 said in SysLog Forwarding for XenServer:
OK So I'm in, and apparently logs are getting sent to this VM.... now how do I see them... lol....
So much to learn...
Have you looked in Kibana yet?
-
@StrongBad Yes, and nothing is showing up.
So there might be something I messed up while configuring it, or there just isn't anything set to show yet.
-
They show up quickly. We're the logs pretty regular before the change?
-
LMFAO. Regular. Logs.
-
@StrongBad said in SysLog Forwarding for XenServer:
They show up quickly. We're the logs pretty regular before the change?
With just a basic syslog server setup and forwarding enabled when I viewed /var/log/messages it was blowing by
-
-
-
I still have a few compressed logs (things that aren't marked to be forward to Elk/Kibana)
-
Obviously I'll need to change the syslog file to make sure those are only sent off host.
But why aren't they appearing in Elk/Kibana...