Hi,

You could use syslog-ng on your management servers. Set up a file source for syslog-ng (e.g.):

    # file source, wrapped in the s_local source that the log statement below refers to
    source s_local {
        file("/var/log/managementserver.log" program_override("CS-Manager1: "));
    };

Then set up a remote destination (e.g.):

    destination d_tls {
        tcp("splunk.myserver.com" port(516)
            tls(
                ca_dir("/opt/syslog-ng/etc/ca.d")
                key_file("/opt/syslog-ng/etc/key.d/syslog.key")
                cert_file("/opt/syslog-ng/etc/cert.d/syslog.crt")
            )
        );
    };

Then tell syslog-ng what to do (e.g.):

    log { source(s_local); destination(d_messages); destination(d_tls); };

On the Splunk box you should have another syslog-ng running if you want TLS and redirect it into Splunk from there; otherwise just point it at your Splunk listener.

Hope this helps.

Regards
Tamas Monos
DDI +44(0)2034687012
Chief Technical Office +44(0)2034687000
Veber: The Hosting Specialists
Fax +44(0)871 522 7057
http://www.veber.co.uk
Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost

-----Original Message-----
From: Mathias Mullins [mailto:mathias.mull...@citrix.com]
Sent: 17 October 2012 18:40
To: cloudstack-users@incubator.apache.org
Subject: Splunk

We are trying to set up Splunk to do log parsing for a cluster of 4 management servers. Does someone have some experience on this or some script settings that have been effective with them?

Thanks,
Matt
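
The receiving side of the TLS setup described in the reply above, as an added example that is not part of the original thread: a syslog-ng instance on the Splunk box terminates TLS on port 516 and relays the messages to a local Splunk TCP input. The names s_tls and d_splunk, the loopback port 5514 and the certificate file names are assumptions; the directory layout mirrors the sender paths from the reply.

```conf
# Added example: syslog-ng on the Splunk host (receiver side).
# s_tls, d_splunk, port 5514 and the splunk-rx.* file names are assumed.

source s_tls {
    tcp(
        ip(0.0.0.0) port(516)          # same port the senders use in d_tls
        tls(
            # this host's own key and certificate
            key_file("/opt/syslog-ng/etc/key.d/splunk-rx.key")
            cert_file("/opt/syslog-ng/etc/cert.d/splunk-rx.crt")
            # CA that issued the management servers' client certificates
            ca_dir("/opt/syslog-ng/etc/ca.d")
            # reject senders that do not present a certificate chaining
            # to a CA in ca_dir (mutual TLS)
            peer_verify(required-trusted)
        )
        max_connections(20)            # headroom for 4 management servers
    );
};

# Plain TCP over loopback only; configure a Splunk TCP data input on this
# port. Traffic never leaves the host unencrypted.
destination d_splunk {
    tcp("127.0.0.1" port(5514));
};

log { source(s_tls); destination(d_splunk); };
```

With peer_verify(required-trusted) on the receiver, each management server must present the key_file/cert_file pair from its d_tls destination, and its own ca_dir must hold the CA for the receiver's certificate so that the sender also verifies the Splunk host.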