Date: Mon, 12 Jul 2021 09:44:00 +0200
From: Peter Boosten <freebsd@boosten.org>
To: Paul Procacci <pprocacci@gmail.com>
Cc: serejk@febras.net, KK CHN <kkchn.in@gmail.com>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Analyzing Log files of very large size
Message-ID: <21b7622d88dbc84810881eb0edf7b36a@boosten.org>
In-Reply-To: <CAFbbPugNamorCpL1%2Bbkao06iWSUJkPS5V3KORs3SCUUChbBU5Q@mail.gmail.com>
References: <CAKgGyB_TJrLWSjcnc9491Gg0Q5CLqLdmWx2yga_Ez7-gE6YcKQ@mail.gmail.com> <E9C00664-DAC7-4F58-BCCA-CDD2654C9325@febras.net> <CAKgGyB_reF4eqz4pvQj7tFsOQEEB3WrFZa-91L%2BNChm=85h0-A@mail.gmail.com> <d0ebe655c44cd2b5a70bbac4dcdddcc3@febras.net> <CAFbbPugNamorCpL1%2Bbkao06iWSUJkPS5V3KORs3SCUUChbBU5Q@mail.gmail.com>
Paul Procacci wrote on 12-07-2021 08:20:
>
> Someone made mention of Elasticsearch and that's a good option too. All
> the work of indexing the data has already been done for you. You just
> don't have to mind paying for it. ;)
>

Not sure where you get the idea that you have to pay to use Elasticsearch.
I'm running an ELK stack happily in one of my jails, gathering millions of
logs, from the ports collection.

I admit that the modules collection on filebeat is somewhat limited (to
ingest/parse log files) on FreeBSD (and I really don't know why), but you
can solve that by downloading the source and adding the modules manually.
And it works like a charm.

With some configuration you even get security running, and you have your
own personal SIEM.

--
It never hurts to help!

Peter