Date:      Mon, 12 Jul 2021 10:05:33 -0400
From:      Paul Procacci <pprocacci@gmail.com>
To:        Peter Boosten <freebsd@boosten.org>
Cc:        serejk@febras.net, KK CHN <kkchn.in@gmail.com>,  freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Analyzing Log files of very large size
Message-ID:  <CAFbbPujgbtjBVqrKTQWA0KTjDBNwe9WcCyaTjbeVcmf4SJ-Npw@mail.gmail.com>
In-Reply-To: <21b7622d88dbc84810881eb0edf7b36a@boosten.org>
References:  <CAKgGyB_TJrLWSjcnc9491Gg0Q5CLqLdmWx2yga_Ez7-gE6YcKQ@mail.gmail.com> <E9C00664-DAC7-4F58-BCCA-CDD2654C9325@febras.net> <CAKgGyB_reF4eqz4pvQj7tFsOQEEB3WrFZa-91L%2BNChm=85h0-A@mail.gmail.com> <d0ebe655c44cd2b5a70bbac4dcdddcc3@febras.net> <CAFbbPugNamorCpL1%2Bbkao06iWSUJkPS5V3KORs3SCUUChbBU5Q@mail.gmail.com> <21b7622d88dbc84810881eb0edf7b36a@boosten.org>

Ah, I'm accustomed to running Elasticsearch in AWS.  My mistake. ;)

On Mon, Jul 12, 2021 at 3:44 AM Peter Boosten <freebsd@boosten.org> wrote:

> Paul Procacci wrote on 12-07-2021 08:20:
>
> >
> > Someone made mention of Elasticsearch and that's a good option too.
> > All the work of indexing the data has already been done for you.
> > You just don't have to mind paying for it.  ;)
> >
>
> Not sure where you get the idea that you have to pay to use
> Elasticsearch. I'm running an ELK stack happily in one of my jails,
> gathering millions of logs, from the ports collection.
> I admit that the modules collection on filebeat is somewhat limited (to
> ingest/parse log files) on FreeBSD (and I really don't know why), but
> you can solve that by downloading the source and adding the modules
> manually.
>
> And it works like a charm. With some configuration you even get security
> running, and you have your own personal SIEM.
>
> --
> It never hurts to help!
>
> Peter
>


-- 
__________________

:(){ :|:& };:


