nanog mailing list archives

Re: Parsing Syslog and Acting on it, using other input too


From: Charles N Wyble <charles-lists () knownelement com>
Date: Thu, 29 Aug 2013 12:14:40 -0500

Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2 is very cool. Tried kibana and didn't care for it.

Actually setting up graylog2 right now to do AD authentication.

So workflow is

End device -> syslog-ng vm -> graylog2/elasticsearch vm and other destinations (it corp security cloud for stuff they want to track, observium for anything matching my network gear hostname pattern, etc).

I have the middle syslog-ng box so I can have great control over where certain hosts ultimately send data. However, that system can be used in any template; if I don't filter, it just gets dumped to graylog.

Kevin Stone <kstone () inetlabs net> wrote:
Look at Logstash, http://logstash.net.

Rsyslog can do a bit, on Windows you could look at the Solarwinds Kiwi
syslog server.


On Thu, Aug 29, 2013 at 9:10 AM, Jason Biel <jason () biel-tech com> wrote:

You should look into SPLUNK (http://www.splunk.com/); it will collect/store your syslog data and you can run customized reports and then act on them.


On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel <karim.adel () gmail com> wrote:

Hello.

I am looking for a way to do proactive monitoring of my network; what I am specifically thinking about is receiving syslog msgs from the routers, and the backend engine would correlate certain msgs with output/data that I am receiving through SSH/telnet sessions. What I am after is not exposed to SNMP, so I need to do it on my own.


I am sure there are many tools that can do parsing of syslog and acting upon it, but I wonder if there is something more flexible out there that I can just re-use to do the above? Please point me to known public or home-grown scripts in use to achieve this.

Regards,

Sam




--
Jason


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
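As an added example (not code from this thread, nor from syslog-ng, Graylog2, Observium or any other tool named above), here is a small Python script in the spirit of the home-grown approach Sam asked about: it parses constructed RFC 3164 syslog lines, routes them by hostname pattern and severity the way Charles describes the middle syslog-ng box doing, and correlates a link-down message against constructed "show ip interface brief" output as if collected over an SSH session. The hostnames, the `rtr-` pattern, the destination names and all sample data are assumptions.

```python
import re
# Constructed RFC 3164-style lines (not from the thread); PRI = facility * 8 + severity.
SAMPLE_SYSLOG = [
    "<187>Aug 29 12:01:05 rtr-core-01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>Aug 29 12:01:07 rtr-edge-02 %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/2, changed state to up",
    "<38>Aug 29 12:02:00 fileserver01 sshd[2210]: Accepted publickey for ops from 10.0.0.5 port 52112 ssh2",
]
# Constructed "show ip interface brief" output, as if collected from the router over SSH.
SSH_SHOW_IP_INT = {
    "rtr-core-01": (
        "Interface              IP-Address  OK? Method Status                Protocol\n"
        "GigabitEthernet0/0     10.1.1.1    YES NVRAM  up                    up\n"
        "GigabitEthernet0/1     10.1.2.1    YES NVRAM  administratively down down\n"
    ),
}
SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
NETWORK_GEAR = re.compile(r"^rtr-")  # hypothetical hostname pattern for network gear

def parse(line):
    # Split one syslog line into facility, severity, timestamp, host and message.
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8, "ts": m["ts"], "host": m["host"], "msg": m["msg"]}

def route(event):
    dests = ["graylog"]  # default: everything lands in graylog
    if NETWORK_GEAR.match(event["host"]):
        dests.append("observium")  # the "network gear hostname pattern" rule
    if event["severity"] <= 3:
        dests.append("corp-security")  # error or worse: the security team wants it
    return dests

def interface_status(show_output, ifname):
    # Status column for ifname; columns 0-3 are fixed, the last one is Protocol.
    for line in show_output.splitlines()[1:]:
        parts = line.split()
        if parts and parts[0] == ifname:
            return " ".join(parts[4:-1])
    return None

def correlate(event, ssh_data):
    # Classify a link-down message against the interface table gathered over SSH.
    m = re.search(r"Interface (?P<ifname>\S+), changed state to down", event["msg"])
    if not m:
        return None
    status = interface_status(ssh_data.get(event["host"], ""), m["ifname"])
    if status is None:
        return "unknown-interface"
    return "planned" if status == "administratively down" else "unexpected-outage"
```

Run it with `for l in SAMPLE_SYSLOG: ev = parse(l); print(ev["host"], route(ev), correlate(ev, SSH_SHOW_IP_INT))`; the admin-down interface on rtr-core-01 is reported as "planned" rather than paged as an outage.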

