[TriLUG] Opinions sought: Log parsing tools, postfix particularly

Kristopher Kane via TriLUG trilug at trilug.org
Mon Jul 10 14:44:51 EDT 2017


Logstash (server side parser) + Elasticsearch (search + metrics) + Kibana
(UI) = ELK stack is in use at my place.  These are all JVM based tools.
Elasticsearch can be single node or scale out.  We have logs going in at
60k eps and searching from the same Elastic cluster. You can build these
types of metric dashboards very easily in Kibana.

Lucidworks champions Banana in place of Kibana for Solr.  Looks like there
is a Solr output plugin for Logstash.  Like Elasticsearch, Solr can be
single node or scale out.

You have to know a pretty good amount about Elasticsearch and/or Solr to
get started.

Kris

On Mon, Jul 10, 2017 at 10:18 AM, vikram sai balaji ulaganathan via TriLUG <
trilug at trilug.org> wrote:

> Some Enterprises use splunk. Not sure on how it works or cost. But this is
> something we have heard many times.
>
> On Jul 10, 2017 10:03 AM, "Brian via TriLUG" <trilug at trilug.org> wrote:
>
> Hi Folks,
>
> For a long time I've been using logwatch to give me daily synopses of my
> server's activity.  These days, I'm finding I want more detail,
> particularly as it applies to postfix rejections.  Right now I get a
> logwatch digest that tells me, for example, the daily number of 4xx and 5xx
> rejections that occur.  I'd like something that will let me optionally
> drill down to details about individual rejects, without having to grep my
> way through eye-crossing log files.  I could whip up something myself, but
> there's gotta already be several mature options out there among which I
> could choose.
>
> Any suggestions?  A web interface would be ideal; RDBMS back-end (ideally
> MySQL) a plus.
>
> I am JFG-ing-I, but I'm interested in usage anecdotes.
>
> Thanks,
> -Brian

