My first centralized log server

Hi guys, I'm learning ELK.
Just asking for some advice on building my first logging server.
I need to gather all logs incoming from my MikroTik devices.
Question is:
What do I need to accomplish that? (I already have my basic ELK installed and working.)
Single Logstash + Kibana setting?
Any light on this would be welcome reading.
Regards.

Where do MikroTik devices save logs?
You first have to identify the data source and format, then see how you can ingest them into Elasticsearch (using Beats or Logstash, or any integration with any broker), then yes, Kibana to visualize the data.
Could you provide more details on your use case?

Dear ylarsy:
Thanks for your words, let me explain better:
MikroTik devices store log lines locally in device memory.
It is very easy to export log lines to a remote server.
Then you can specify facility, severity and a format compatible with RFC 3164 (BSD syslog).
So, I think the discussion here is which is easier to set up:
Filebeat or Logstash? And what do you mean by "any broker"?
Regards.
Leandro

If you can configure the devices to send syslog, then you can set up Logstash directly to receive the syslog messages, process them and send them on to Elasticsearch.

You can run ELK on the same server to start if you don't have too much log volume.
You will need to use the Logstash syslog input plugin to receive syslog from the devices.


Thanks!
I'll try.

Filebeat also has a syslog input: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html
