If I'm reading this right, you're saying that you did Rsyslog->Elasticsearch->gui?

I've tried installing the rpm on CentOS and it installs, but apparently it 
doesn't come with a config file, so when the daemon starts it errors out in the 
logs and just shuts down after that.




-----Original Message-----
From: rsyslog-boun...@lists.adiscon.com 
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Rick Brown
Sent: Tuesday, April 08, 2014 11:31 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server

Today I've set up my central rsyslog server to replay the logs via omudpspoof to 
a logstash server -> ES.  It's already indexing about twice as much as just 
rsyslog -> ES was using the recipe in the first link below, and I haven't even 
begun to dig into the scads of plugins available for logstash. 

http://blog.sematext.com/2013/07/01/recipe-rsyslog-elasticsearch-kibana/ is a 
good place to start, although you can replace the omelasticsearch OM with 
omudpspoof if you want to do logstash. 

http://cookbook.logstash.net/recipes/rsyslog-agent/ is a good place to start 
with rsyslog -> logstash, although I did UDP instead of TCP, and used the 
elasticsearch output module instead of stdout, which is documented here:  
http://cookbook.logstash.net/recipes/central-syslog/ 

Good luck to you!  Those three links are basically all I needed, and should set 
you down the right path, regardless of how your path differs from mine ;)

----- Original Message -----
> From: "Orangepeel Beef" <orangepeelb...@gmail.com>
> To: "rsyslog-users" <rsyslog@lists.adiscon.com>
> Sent: Tuesday, April 8, 2014 2:17:42 PM
> Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
> 
> it works, but I find it overly complex for my environment.  read:  I 
> don't need it ;)
> On Apr 8, 2014 11:13 AM, "Josh Bitto" <jbi...@onlineschool.ca> wrote:
> 
> > I have read about Redis as being the "broker". Thoughts?
> >
> >
> >
> > -----Original Message-----
> > From: rsyslog-boun...@lists.adiscon.com [mailto:
> > rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> > Sent: Tuesday, April 08, 2014 11:11 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana 
> > server
> >
> > I use rsyslog to pipe into sec, and then use logstash file input to 
> > index.  could be done without SEC as well.  I don't like delivering 
> > syslog right into logstash.
> > On Apr 8, 2014 11:09 AM, "Sphonic" <khushil...@sphonic.com> wrote:
> >
> > > I use rsyslog to send all items to logstash which has a syslog 
> > > listener enabled.
> > >
> > > Sent from my iPhone
> > >
> > > > On 8 Apr 2014, at 18:05, Josh Bitto <jbi...@onlineschool.ca>
> > > > wrote:
> > > >
> > > > Hello Everyone,
> > > >
> > > > > I'm wanting to set up a syslog server that combines the three
> > > > > programs listed above with rsyslog. Has anyone had any success
> > > > > using this? I'm running on a CentOS 6.5 and finding adequate
> > > > > instructions on how to not only set up all three PLUS rsyslog has
> > > > > been somewhat of a challenge.
> > > > >
> > > > > This issue that I run into is on how to get logstash/elasticsearch
> > > > > and kibana to talk with rsyslog. Halp meh! Please!
> > > >

> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE 
> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you 
> DON'T LIKE THAT.
> 

--
Rick Brown
Office of Information Technology
Georgia Institute of Technology