Filebeat for OS Solaris?

Hello, can you recommend any officially supported tool/agent/alternative for OS Solaris, like Filebeat, Fluentd, FluentBit, etc., which allows parsing log files, please? We use "collectd" at the moment. It works fine, but doesn't allow us to do much with different kinds of log files. Many thanks!

Welcome to our community! :smiley:

The advice for this hasn't changed and there are many topics on this you can search on. You would probably be best off using syslog and sending it to Filebeat.

My two cents regarding this topic. You cannot compile Filebeat any more (at least natively) on x86 Solaris because Solaris has removed some ancient system call which, it appears, Go thought was a good idea to implement for file access... and they say that Solaris is legacy... :slight_smile:

So the problem with compiling Filebeat on Solaris is in Go. At least this was the situation with go1.14rel and Solaris 11.4 (with some Feb. '21 update).

And if you happen to have some nasty multiline log files you want to transfer and parse (e.g. Oracle DB alert log), then you are out of luck. You cannot get these logs transferred as they are (without any modification) with syslog derivatives. At least we couldn't.

So we ended up writing our own log transfer solution in Python, and as we would have used only very minor functionality in Elasticsearch, we ended up also writing the server side ourselves: log parsing, indexing, searching, alerting, etc.

Oracle users usually have the fat wallet, but unfortunately Elastic's pricing model is not built for taking advantage of that. And creating full support for another/new (legacy) operating environment is expensive, and if the pricing model does not support that, then it will not happen.

So, to all Solaris users: you can hack your way through, if possible, and if not, you have the wonderful chance to have fun and build your own custom solution :slight_smile:
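
The multiline problem described in the post above, as an added example that is not part of the thread and not the poster's own code: a Python sketch of the record-grouping step a custom shipper needs so that a multiline entry travels as one event. The ISO-8601 record header, the host name `db01`, the function names and the sample log text are all assumptions constructed for illustration.

```python
import json
import re

# Assumption: every record starts with an ISO-8601 timestamp line.
# Adjust the pattern to the timestamp format your log actually uses.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")

def group_records(lines):
    """Yield (header, body_lines) for each multiline record."""
    header, body = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if RECORD_START.match(line):
            if header is not None:
                yield header, body          # previous record is complete
            header, body = line, []
        elif header is None:
            # Lines seen before any timestamp are kept under an empty
            # header rather than silently dropped.
            header, body = "", [line]
        else:
            body.append(line)
    if header is not None:
        yield header, body                  # flush the last record at EOF

def to_wire(host, header, body):
    """Serialize one record as a single JSON line.

    json.dumps escapes embedded newlines, so the wire format stays
    one-line-per-event while the receiver restores the text exactly.
    """
    return json.dumps({"host": host, "ts": header, "message": "\n".join(body)})

def ship(text, host="db01"):
    """Return the JSON lines a shipper would send for the given log text."""
    return [to_wire(host, h, b) for h, b in group_records(text.splitlines())]

# Constructed sample input, not taken from a real system.
SAMPLE = """\
2021-02-15T10:23:45.123456+01:00
Errors in file /constructed/path/trace.trc:
ORA-00600: internal error code, arguments: [constructed]
2021-02-15T10:23:50.000001+01:00
Thread 1 advanced to log sequence 42
"""

if __name__ == "__main__":
    for event in ship(SAMPLE):
        print(event)
```

When tailing a live file instead of reading to end of file, the last record also needs a flush timeout, because its end is only known once the next timestamp line arrives.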


Fluentd by Ruby gems has been installed on Solaris 10 instead of Filebeat. Thanks.
