SysLog Forwarding for XenServer
-
So now I need a VM with Splunk as well?
Or can I use my CentOS rsyslog VM as well?
-
@DustinB3403 said in SysLog Forwarding for XenServer:
@travisdh1 said in SysLog Forwarding for XenServer:
For my XenServer (still 6.5), I actually started up the XenCenter app. Right-click on the server -> Properties -> click Log Destination on the left -> click Remote on the right and enter the rsyslog server IP.
I've done that, but where on the syslog VM would I actually see the logs being created? What should I modify in the /var/lib/syslog.conf file on XenServer?
By default, everything goes in /var/log/messages. If you want to find things for just one host name
sudo cat /var/log/messages | grep 'hostname'
I'm now understanding why @scottalanmiller likes binary logs instead of ASCII. That messages file grows quickly.
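An added example, not part of the original post: the `grep 'hostname'` filter above also matches lines from other hosts that merely mention the name, so this sketch matches on the syslog hostname field instead and totals lines and bytes per sender to show which host is filling the file. It assumes the traditional `Mon DD HH:MM:SS host tag: message` file layout; the host names and log lines are constructed.

```shell
#!/bin/sh
# Constructed sample lines in the traditional syslog file layout:
#   "Mon DD HH:MM:SS host tag: message"
sample_log() {
cat <<'EOF'
Jun  1 10:00:01 xen01 xapi: [info] session created
Jun  1 10:00:02 logvm sshd[811]: Accepted publickey for admin
Jun  1 10:00:03 xen01 xenstored: watch fired
Jun  1 10:00:04 xen02 xapi: [info] heartbeat from xen01
Jun  1 10:00:05 xen02 kernel: device vif1.0 entered promiscuous mode
EOF
}

# Print only lines whose hostname field (4th whitespace-separated field)
# equals $1. A plain grep for "xen01" would also return the xen02 line
# that mentions xen01 inside its message text.
host_lines() {
    awk -v h="$1" '$4 == h'
}

# Per-host totals as "host lines bytes", largest byte count first.
# The +1 accounts for the newline that ends each line in the file.
host_volume() {
    awk '{ n[$4]++; b[$4] += length($0) + 1 }
         END { for (h in n) printf "%s %d %d\n", h, n[h], b[h] }' |
        sort -k3,3nr -k1,1
}

# Demonstration on the constructed sample. On the log VM the same
# functions read the real file, for example:
#   sudo cat /var/log/messages | host_lines xen01
#   sudo cat /var/log/messages | host_volume
sample_log | host_lines xen01
sample_log | host_volume
```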
-
@travisdh1 That does show a lot of information, which is scrolling very quickly!
I guess it works
-
So if that works, then I need to set up an easy way to view these messages.
Is Splunk the go-to solution for this?
-
@DustinB3403 said in SysLog Forwarding for XenServer:
So if that works, then I need to set up an easy way to view these messages.
Is Splunk the go-to solution for this?
I used Splunk because it is free and easy. (For me.)
I tried setting up a few other things, and gave up. (Like Loggly.) I want to get back to other logging stuff some day, but it works for me.
-
Splunk is free only for very small sizes. Once your logs grow or you have more than a few servers you normally overrun the free part.
-
So what would be a good aggregation tool to be able to view the logs?
If Splunk stops at a tiny level..... I won't bother with it.
-
@DustinB3403 said in SysLog Forwarding for XenServer:
So what would be a good aggregation tool to be able to view the logs?
If Splunk stops at a tiny level..... I won't bother with it.
500MB per day.
-
@BRRABill said in SysLog Forwarding for XenServer:
@DustinB3403 said in SysLog Forwarding for XenServer:
So what would be a good aggregation tool to be able to view the logs?
If Splunk stops at a tiny level..... I won't bother with it.
500MB per day.
yeah that's worthless......
-
@DustinB3403 said
yeah that's worthless......
You'll want to avoid logg.ly before someone recommends it, then. That is 200MB per day.
-
So ELK/Logstash then?
Wasn't there a post around here by Scott on how to set this up?
-
Has anyone set up syslog with ELK (with Elasticsearch 2.3 or greater) and Kibana?
-
@DustinB3403 Maybe one of these?
-
@Danp said in SysLog Forwarding for XenServer:
@DustinB3403 Maybe one of these?
I was actually just looking at that and Kibana...
I'm trying to determine if I can run it locally or if I need a DO account to do it...
-
@DustinB3403 said in SysLog Forwarding for XenServer:
Has anyone set up syslog with ELK (with Elasticsearch 2.3 or greater) and Kibana?
I'm pretty sure my walkthrough covers that.
-
@scottalanmiller This one, correct?
-
Let me know how it goes. I'd love to install another free server around here.
TAKE THAT MICROSOFT!
-
I'm getting stuck at
./load.sh
with
Loading dashboards to http://localhost:9200 in .kibana
Loading search Cache-transactions:
curl: (7) Failed connect to localhost:9200; Connection timed out