Hi there,
I am looking for a log management solution for a distributed environment. There are 200 branch offices which have limited bandwidth. I can't have Nagios Log Server in each office as the price will be very high. I can't have all logs forwarded from each office as the bandwidth is very low. I am looking for log filtering at each office so that only the necessary events / logs which need attention are sent to the NOC. Can I achieve this by having Logstash in each office and two or three instances of Nagios Log Server at the NOC?
Nagios Log Server in Distributed Environment
Re: Nagios Log Server in Distributed Environment
You can filter what you send by altering the log level within rsyslog as to what gets sent to the Log Server.
By default, the log server install sets all facilities, all severities to be sent. You could change that to only log auth failures and system debug events, for instance.
You need to look at the syslog or rsyslog man pages, but you'll be changing "*.* @<logserver>:5544" to be the various things you want to send. Like:
# mail messages of severity info and above (a syslog selector matches the named severity and everything more severe)
mail.info @<logserver>:5544
# emergency messages from every facility
*.emerg @<logserver>:5544
# everything from the authpriv facility (logins, su, sudo); a single "@" forwards over UDP, "@@" over TCP
authpriv.* @<logserver>:5544
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
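A fuller branch-office rsyslog configuration along the lines eloyd describes, written here as an added example (it is not from the original post and not Nagios' own client setup). It assumes rsyslog 7 or newer (RainerScript syntax), a hypothetical collector name logserver.noc.example, and port 5544 as used in the thread; the selectors it forwards and the spool path are choices for illustration. It keeps the stock "send everything" line as a comment beside the filtered version, forwards over TCP instead of UDP, and adds a disk-assisted queue so events survive a WAN outage instead of being dropped.

```conf
# /etc/rsyslog.d/90-nagioslogserver.conf on a branch-office host (added example)

# Weak setting: the stock client setup forwards every facility at every
# severity over UDP, which is what saturates a thin branch link.
#*.* @logserver.noc.example:5544

# Disk-assisted queues need a writable work directory.
global(workDirectory="/var/spool/rsyslog")

# One forwarding action, defined once and reused by every rule below.
# queue.* keeps events on local disk while the NOC is unreachable;
# action.resumeRetryCount="-1" retries forever instead of discarding.
ruleset(name="to_noc") {
    action(type="omfwd"
           target="logserver.noc.example" port="5544" protocol="tcp"
           queue.type="LinkedList" queue.filename="nls_fwd"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}

# Forward only what the NOC needs to act on. Severity numbers run
# 0 emerg .. 7 debug, so "<= 4" means warning and worse.
# One combined condition, so a message matching two clauses is sent once.
if (
    $syslogfacility-text == "auth" or $syslogfacility-text == "authpriv"   # logins, su, sudo, PAM
    or $syslogseverity <= 0                                                # *.emerg from any facility
    or ($syslogfacility-text == "kern" and $syslogseverity <= 4)           # kernel warnings and worse
    or ($programname == "kernel" and $msg contains "segfault")             # crash reports are logged at info, so catch them by content
) then call to_noc

# Everything else still goes to the local files configured in
# /etc/rsyslog.conf and never leaves the branch.

# Legacy-selector equivalent of the facility/severity part of the rule above:
#auth,authpriv.*;*.emerg;kern.warning @@logserver.noc.example:5544
```

Reload with `systemctl restart rsyslog` and confirm with `logger -p authpriv.notice test` that the test line reaches the NOC while a `logger -p daemon.info test` line stays local. The content-based clause is the one worth copying: facility/severity selectors cannot distinguish a routine sshd "Accepted publickey" from a burst of "Failed password" lines, but `$msg contains` and `$programname` can, which is how you keep the forwarded volume to the events that actually need attention.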
Re: Nagios Log Server in Distributed Environment
eloyd has presented the most ideal solution - this will limit the amount of logs going out of your network. In this case, you could have a simple 3-4 instance cluster in the center of your network to handle the log collection. On the Windows side, you can modify nxlog to achieve the same results.
Jesse