Date: Mon, 07 Aug 2017 12:40:01 +0200
From: Dave Cottlehuber <dch@skunkwerks.at>
To: freebsd-questions@freebsd.org
Subject: Re: log centralizer?
Message-ID: <1502102401.630259.1065410328.1B1106A7@webmail.messagingengine.com>
In-Reply-To: <CACcSE1xP0c8yA44LLwTfX2nWWBqJf=VEgR07TbqmZwKTaLCd%2Bw@mail.gmail.com>
References: <CACcSE1xP0c8yA44LLwTfX2nWWBqJf=VEgR07TbqmZwKTaLCd%2Bw@mail.gmail.com>

On Mon, 7 Aug 2017, at 07:39, Aleksandr Miroslav wrote:
> I'm looking for a mechanism to collect and store all logs into a
> centralized location. I'm not looking for a fancy graphical interface
> (a la Splunk) to search those logs just yet, just collecting them on a
> centralized server is fine for the moment.
>
> Is there something available in ports/base that I can use for this
> purpose? I took a quick look at ELK, it seems overly complicated, but
> I've never used it.

While you *could* do this with base syslogd, it's not safe - you'd need
to accept inbound UDP packets on your central servers, and there's no
encryption support either.

https://www.freebsd.org/cgi/man.cgi?query=syslogd has a nice quote:

> The ability to log messages received in UDP packets is equivalent to an
> unauthenticated remote disk-filling service, and should probably be
> disabled by default. Some sort of inter-syslogd authentication mechanism
> ought to be worked out. To prevent the worst abuse, use of the -a option
> is therefore highly recommended.

Here's what I use:

- disable syslogd by default in /etc/rc.conf
- use sysutils/rsyslog8 on each server forwarding to a central rsyslogd
  server
- sysutils/spiped as an alternative to TLS certs for securing the rsyslog
  connections between systems
- rsyslog can be configured to buffer forwarding to a disk queue if the
  remote instance isn't available (e.g. because you're rebooting/updating
  it).

That alone is enough to meet your needs, but adding:

- sysutils/graylog
- textproc/elasticsearch2

is an easy additional config to get a nice searchable GUI.

I'm happy to share some configs if you want to go down this path.

A+
Dave

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1502102401.630259.1065410328.1B1106A7>
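
The layout described in the message above (rsyslog on each host, a disk-backed forwarding queue, spiped in place of TLS), sketched as an added example; this is not Dave's configuration. The host name loghost.example.org, the ports 1514/1515/8514, and all file paths are assumptions.

```conf
# --- each client: rsyslog.conf ---------------------------------------
# Directory for disk queue files (assumed path; must exist, root-only).
global(workDirectory="/var/spool/rsyslog")
module(load="imuxsock")

# Forward to the local spiped endpoint only, never straight to the network.
# LinkedList + queue.filename = in-memory queue that spills to disk while
# the central server is unreachable. maxDiskSpace caps the spill so an
# outage cannot fill the client's disk. resumeRetryCount -1 retries forever
# instead of discarding messages.
action(type="omfwd" target="127.0.0.1" port="1514" protocol="tcp"
       queue.type="LinkedList"
       queue.filename="fwd_central"
       queue.maxDiskSpace="1g"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")

# spiped on the client encrypts 127.0.0.1:1514 towards the central host:
#   spiped -e -s '[127.0.0.1]:1514' -t 'loghost.example.org:8514' \
#          -k /usr/local/etc/spiped/logs.key

# --- central server: rsyslog.conf ------------------------------------
# TCP on loopback only. No imudp module is loaded, so the
# "unauthenticated remote disk-filling service" from syslogd(8) is absent.
module(load="imtcp")
input(type="imtcp" address="127.0.0.1" port="1515")

# One file per sending host name.
template(name="PerHost" type="string"
         string="/var/log/remote/%HOSTNAME%/messages.log")
action(type="omfile" dynaFile="PerHost")

# spiped is the only network-facing listener on the server:
#   spiped -d -s '[0.0.0.0]:8514' -t '[127.0.0.1]:1515' \
#          -k /usr/local/etc/spiped/logs.key
#
# Shared key: generate once, copy to each host over a trusted channel,
# and keep it readable by the spiped user only:
#   dd if=/dev/urandom bs=32 count=1 of=/usr/local/etc/spiped/logs.key
```

Because every connection reaches rsyslog from spiped on 127.0.0.1, the per-host file name comes from the HOSTNAME field inside each message, which the sender controls; the spiped key proves only that the sender holds the shared secret, not which host it is.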