SysLog Forwarding for XenServer
- 
 What is missing from the second script is
     curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.2.3-x86_64.rpm
     sudo rpm -vi filebeat-1.2.3-x86_64.rpm
- 
 So I'm still stumped here.... 
- 
 Hrm, so I have a clean installation and when I go to the Elk/Logstash Web url I get a login prompt... But I haven't the slightest idea of what the username password is. Trying "kibana" and "changeme" results in the prompt asking for credentials again... 
- 
 And I'm in. Now to set up XenServer to send stuff to Kibana. 
- 
 OK So I'm in, and apparently logs are getting sent to this VM.... now how do I see them... lol.... So much to learn... 
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
   OK So I'm in, and apparently logs are getting sent to this VM.... now how do I see them... lol.... So much to learn...
 Have you looked in Kibana yet? 
- 
 @StrongBad Yes, and nothing is showing up. So there might be something I messed up while configuring it, or there just isn't anything set to show yet. 
- 
 They show up quickly. Were the logs pretty regular before the change? 
- 
 LMFAO. Regular. Logs. 
- 
 @StrongBad said in SysLog Forwarding for XenServer:
   They show up quickly. Were the logs pretty regular before the change?
 With just a basic syslog server set up and forwarding enabled, when I viewed /var/log/messages it was blowing by 
- 
 I still have a few compressed logs (things that aren't marked to be forwarded to Elk/Kibana) 
- 
  Obviously I'll need to change the syslog file to make sure those are only sent off host. But why aren't they appearing in Elk/Kibana... 
- 
 Everything here seems happy.  
- 
 I still don't know why the logging isn't showing up in Kibana. . . 
- 
 @DustinB3403 said in SysLog Forwarding for XenServer:
   I still don't know why the logging isn't showing up in Kibana. . .
 What do the local logs say? On both ends. There should be Logstash logs saying what has happened. 
- 
 @scottalanmiller said in SysLog Forwarding for XenServer:
   @DustinB3403 said in SysLog Forwarding for XenServer:
     I still don't know why the logging isn't showing up in Kibana. . .
   What do the local logs say? On both ends. There should be Logstash logs saying what has happened.
 I'm still new to syslog, so what should I be looking at to answer this question? 
- 
 You could just use Graylog. It uses rsyslog instead of file-beat (which doesn't work with journalctl anyway). 
- 
 Since I'm having a hell of a time getting this going, I set up a Kiwi Syslog on a VM from one of my hosts, and it just works. Just enabling the logging to the IP address, and let it go. 



