Subject: Re: log centralizer?
From: Dennis Glatting
To: Aleksandr Miroslav, freebsd-questions@freebsd.org
Date: Sun, 06 Aug 2017 23:20:23 -0700

On Sun, 2017-08-06 at 22:39 -0700, Aleksandr Miroslav wrote:
> I'm looking for a mechanism to collect and store all logs into a
> centralized location. I'm not looking for a fancy graphical interface
> (a la Splunk) to search those logs just yet, just collecting them on a
> centralized server is fine for the moment.
>
> Is there something available in ports/base that I can use for this
> purpose? I took a quick look at ELK, it seems overly complicated, but
> I've never used it.

The simple approach is to have a central MySQL database fed from
rsyslog across the servers of interest. Custom devices, such as HVAC,
could point to an rsyslog server which then feeds the database.

Periodically run scripts against the database to generate summary
information, build firewall rule sets, and for maintenance.

For weird things, such as netflow off the switches and routers, forward
the flows to a server, parse it, and then stuff it into the database.

You can also create multi-master databases in case one goes offline or
for local optimization. I was looking at Cassandra for multi-master.
-- 
Dennis Glatting
Numbers Skeptic
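The rsyslog-to-MySQL layout described in the reply above, sketched as an added example that is not part of the original message. It assumes an rsyslog build that includes the ommysql module and the `Syslog` database created by rsyslog's bundled `createDB.sql`; the hostname `loghost.example.net`, the port, the queue names and the database account are placeholders.

```conf
# ---- rsyslog.conf on each server of interest (client side) ----
# Forward everything to the central collector over TCP.
# The disk-assisted queue buffers messages locally while the collector
# is unreachable, so an outage does not silently drop log lines.
*.* action(type="omfwd"
           target="loghost.example.net"   # placeholder collector hostname
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fwd_central"   # enables spooling to disk
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")  # retry forever, never discard

# ---- rsyslog.conf on the central collector (server side) ----
# Accept forwarded logs from the clients (and from devices such as
# HVAC controllers that can only point at a syslog server).
module(load="imtcp")
input(type="imtcp" port="514")

# Write every received message into MySQL. With no template given,
# ommysql inserts into the SystemEvents table of the default schema.
module(load="ommysql")
*.* action(type="ommysql"
           server="127.0.0.1"
           db="Syslog"
           uid="rsyslog"                  # placeholder account; grant INSERT only
           pwd="CHANGE_ME"                # placeholder, keep the file mode 0600
           queue.type="LinkedList"
           queue.filename="db_central"    # buffer while the database is down
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
```

Plain TCP syslog is neither encrypted nor authenticated, so restrict port 514 on the collector to the known senders with the host firewall.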