Adding additional logging hosts

[lmiltchev]

I think it may be a security group issue. Need to investigate some more.

Sure. Let us know if you have any more issues/questions.

[co-dlk]

Not sure what is going on but I added another host and I got 1 log msg from the new host and now nothing. Does it really take hours before I start seeing messages? The host that was not working seems to be ok but logging clients seem to take a long time and selective which msgs are indexed and new hosts take hours before ALL message show up.

For instance the new host is show these 3 selective msgs for some reason but I know there are alot more because I have been restarting services and using logger. Is this expected behaivor?

2014-11-11T11:01:01.787-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2417 finished 0anacron

2014-11-11T11:01:01.779-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2406 starting 0anacron

2014-11-11T10:17:05.701-07:00 xxx.xxx.xxx.xxx syslog \xFF\xF4\xFF\xFD\u0006

[co-dlk]

Just did some more testing. Seems like the log server is realtime with logs showing up but the hosts sending logs not so much. Its been >30 minutes and I still have not seen the messages that I put into the logs.

I have used logstash / elasticsearch / kibana before and it was realtime and this definately is not. Am I missing something? According to the docs

Your Data in Real Time: Viewing your log data within the context of time is the most important thing about monitoring. Log Server allows you to view log data in realtime, providing the ability to quickly analyze and solve problems as they occur. This keeps your organization safe, secure, and running smoothly.

[slansing]

Interesting, they're coming in now? Keep us up to date on your findings (if you can share them). They could be really valuable to others in the future.