Answer the question
In order to leave comments, you need to log in
D
D
Dmitry Lebedev2015-02-17 12:10:45
Dmitry Lebedev, 2015-02-17 12:10:45
How to configure Syslog log collection with Elasticsearch+Kibana+Logstash?
Hello.
Tell me how to set up the collection of Syslog logs from hardware on Elasticsearch + Kibana + Logstash (ELK).
Hardware Zyxel Zywall, Eltex Tau and CentOS servers.
I did the server setup according to this article https://www.digitalocean.com/community/tutorials/h...
And
https://blog.devita.co/2014/09/04/monitoring-pfsen...
Sending logs from Zyxel is on port 514.
Output logs of this format
02-17-2015 15:29:07 Local1.Info 192.168.91.254 Feb 17 15:29:09 zywall-zw1100 CEF:0|ZyXEL|ZyWALL 1100||0|IKE|4|src=xxx.xxx.xxx.xxxdst=xx.xx.xx.xxspt=500 dpt=500 msg=Recv:[HASH][NOTIFY:R_U_THERE_ACK]But the logs never come. I looked at the logs, everything seems to be fine. Where to dig further I do not know.
Disabled FirewallD and Selinux set SELINUX=permissive.
I am successfully logged into the web interface.
The actual configs for logstash
pastebin.com/wJYdNefH 01-inputs.conf
pastebin.com/CtevsM1T logstash.conf
pastebin.com/9aBPVzfL 10-syslog.conf
pastebin.com/ZaJqrcF9 30-outputs.conf
By the way, I don't see the process in htop logstash, is it supposed to be like this?
Similar questions
Y
I
D
G
Z
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question