Forwarding logs from Sun Solaris to ELK

DKalin0789e · July 11, 2023, 5:47pm

We need to find a workaround for forwarding logs from Sun Solaris to ELK. Any ideas - very welcome! No any vendors like Logstash, Filebeat, Vector officially support Log Forwarders on Sun Solaris. Any help? Thank you.

leandrojmp · July 11, 2023, 7:36pm

What kind of Logs?

If it is something that you can send to Rsyslog you may use it to forward the logs to a Logstash tcp/udp input.

Have you tried fluentd?

DKalin0789e · July 11, 2023, 7:48pm

Fluentd is not officially available/certified for Sun Solaris. I have tried to install and configure fluentd via Ruby packages and with Ruby environment. Spent a month of work for that. Didn't work. Thank you.

leandrojmp · July 11, 2023, 8:13pm

I'm not sure you will find a log forwarder that is officially available or certified for Solaris.

Elastic has Filebeat and Logstash, both are not officially supported.

Vector from Datadog also seems to not support Solaris, the same for Fluentbit and Fluentd.

Which version of Solaris are you running? Are you running on x64 or Sparc? There is this old post about compiling Filebeat to run on Solaris x86_64, but I'm not sure it still works.

Also, you didn't say what is the sourve of your logs, if it is something coming from Syslog or that you can send to Syslog, then configuring syslog to forward it to another server will work.

DKalin0789e · July 11, 2023, 8:21pm

We need to parse and forward to ELK a vendor-supplied proprietary application log text file like:

....
/../logs > grep max=90 server.log
....
2023-07-11 08:50:54,847 CDT ERROR [LoadBalancingController] - Cannot start a new 3rd party api session for user (svc_horizoniris2): exceeded the limit (max=90)
...

on following Solaris:

uname -a
SunOS chic-IrisISA01 5.11 11.2 i86pc i386 i86pc

cat /etc/release
Oracle Solaris 11.2 X86

leandrojmp · July 11, 2023, 8:31pm

Unfortunately none of the tools in the Elastic Stack works on Solaris.

You will need to check with the vendor of that application if it can send logs to a Syslog server, if it can then you can send it to Logstash.

If not you may need to write some tool yourself to read the lines and send them to another place.

DKalin0789e · July 11, 2023, 9:04pm

Thank you very much for your expertise.

system · August 8, 2023, 9:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.