Sure. Let us know if you have any more issues/questions.I think it may be a security group issue. Need to investigate some more.
Adding additional logging hosts
Re: Adding additional logging hosts
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Adding additional logging hosts
Not sure what is going on but I added another host and I got 1 log msg from the new host and now nothing. Does it really take hours before I start seeing messages? The host that was not working seems to be ok but logging clients seem to take a long time and selective which msgs are indexed and new hosts take hours before ALL message show up.
For instance the new host is show these 3 selective msgs for some reason but I know there are alot more because I have been restarting services and using logger. Is this expected behaivor?
2014-11-11T11:01:01.787-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2417 finished 0anacron
2014-11-11T11:01:01.779-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2406 starting 0anacron
2014-11-11T10:17:05.701-07:00 xxx.xxx.xxx.xxx syslog \xFF\xF4\xFF\xFD\u0006
For instance the new host is show these 3 selective msgs for some reason but I know there are alot more because I have been restarting services and using logger. Is this expected behaivor?
2014-11-11T11:01:01.787-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2417 finished 0anacron
2014-11-11T11:01:01.779-07:00 xxx.xxx.xxx.xxx syslog <77>Nov 11 18:01:01 ip-172-31-5-215 run-parts(/etc/cron.hourly)[2406 starting 0anacron
2014-11-11T10:17:05.701-07:00 xxx.xxx.xxx.xxx syslog \xFF\xF4\xFF\xFD\u0006
Re: Adding additional logging hosts
Just did some more testing. Seems like the log server is realtime with logs showing up but the hosts sending logs not so much. Its been >30 minutes and I still have not seen the messages that I put into the logs.
I have used logstash / elasticsearch / kibana before and it was realtime and this definately is not. Am I missing something? According to the docs
I have used logstash / elasticsearch / kibana before and it was realtime and this definately is not. Am I missing something? According to the docs
Your Data in Real Time: Viewing your log data within the context of time is the most important thing about monitoring. Log Server allows you to view log data in realtime, providing the ability to quickly analyze and solve problems as they occur. This keeps your organization safe, secure, and running smoothly.
-
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: Adding additional logging hosts
Interesting, they're coming in now? Keep us up to date on your findings (if you can share them). They could be really valuable to others in the future.