I have the latest ELK components installed on a CentOS 6 server, and running well. I'm currently capturing Windows logs, and CentOS 6 and 7 logs via Filebeat.
However, I have a number of CentOS 5 boxes on which I'm unable to install Filebeat (known issue), so I have to rely on natively forwarding syslog output via the following line in syslog.conf:
Alas, I'm not capturing any logs. I've tried everything I can think of to make this work (checking firewall settings, etc.). I can ping the ELK server, as well as telnet to port 1514. The only other thing I can think of is that my configs are wrong, and so am asking for your help. I've posted my config files here: http://pastebin.com/qC3pdLRe
Does it work if you have a simple input>output?
I haven't, as I don't want to mess up everything else that's working. I know that's wimpy, but I hope someone can see some misconfiguration that I'm not. Another set of eyes on my configs would be appreciated.
I've read a post or two suggesting alternatives to Filebeat for CentOS 5, namely Beaver and Nxlog (which I have running on my Windows servers, btw). Alas, the installation of these programs is a major pain, what with all of the dependencies required, some of which aren't available for the platform. That leads me back to having to make Logstash work with syslog on CentOS 5. Any help would be greatly appreciated.
As per the suggestion in another post, I installed rsyslog on my CentOS 5 boxes, and logs are now flowing into Logstash. Too easy, but I wonder what makes rsyslog work, and not syslog.
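An added example, written for this thread rather than taken from the posts, the pastebin configs, or Elastic's own code. It is the check a practitioner would run before blaming the Logstash config: it mirrors the "simple input>output" suggestion above with a tiny listener that can be opened TCP-only, UDP-only or both, builds an RFC 3164 line the way a syslog daemon does, forwards it over UDP (the way the legacy sysklogd `@host` rule sends, with no error when nothing is listening) and over TCP (rsyslog's `@@host:port` style), and reports which transport actually arrived. Note that a telnet to 1514 only proves the TCP path; it says nothing about UDP. Whether a transport mismatch is what happened on these CentOS 5 boxes is an assumption this example illustrates, not something the thread establishes. Host names and the loopback ports are constructed for the example.

```python
import socket
import threading
import time
from datetime import datetime

# Constructed for this example: loopback stands in for the ELK server, and an
# ephemeral port stands in for the Logstash listener on 1514.
HOST = "127.0.0.1"


def build_rfc3164(facility, severity, hostname, tag, msg, ts=None):
    """Build a BSD syslog (RFC 3164) line: <PRI>TIMESTAMP HOSTNAME TAG: MSG.
    PRI = facility * 8 + severity, so <13> is user.notice."""
    ts = ts or datetime.now().strftime("%b %d %H:%M:%S")
    return f"<{facility * 8 + severity}>{ts} {hostname} {tag}: {msg}"


def parse_pri(line):
    """Return (facility, severity) from the leading <PRI> field, or None if malformed."""
    end = line.find(">")
    if not line.startswith("<") or end < 2 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    return (pri // 8, pri % 8) if pri <= 191 else None


def _bind_pair(host, want_tcp, want_udp):
    """Bind TCP and/or UDP sockets to the same port number; the two port spaces are
    independent, so retry if the ephemeral TCP port is taken on the UDP side."""
    for _ in range(20):
        tcp_sock = udp_sock = None
        try:
            port = 0
            if want_tcp:
                tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                tcp_sock.bind((host, 0))
                port = tcp_sock.getsockname()[1]
            if want_udp:
                udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                udp_sock.bind((host, port))
                port = udp_sock.getsockname()[1]
            return port, tcp_sock, udp_sock
        except OSError:
            for s in (tcp_sock, udp_sock):
                if s is not None:
                    s.close()
    raise RuntimeError("could not bind a shared TCP/UDP port on loopback")


class SyslogListener:
    """Records lines arriving on TCP and/or UDP, modelling the Logstash input under
    test: tcp=True, udp=False behaves like an input that only opened a TCP port."""

    def __init__(self, host=HOST, tcp=True, udp=False):
        self.received = {"tcp": [], "udp": []}
        self._running = True
        self.port, self._tcp, self._udp = _bind_pair(host, tcp, udp)
        if self._tcp is not None:
            self._tcp.listen(5)
            self._tcp.settimeout(0.5)  # so the accept loop can notice close()
            threading.Thread(target=self._serve_tcp, daemon=True).start()
        if self._udp is not None:
            self._udp.settimeout(0.5)
            threading.Thread(target=self._serve_udp, daemon=True).start()

    def _serve_tcp(self):
        while self._running:
            try:
                conn, _ = self._tcp.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            with conn:  # read the stream until the forwarder closes, then split lines
                conn.settimeout(2)
                buf = b""
                try:
                    while chunk := conn.recv(4096):
                        buf += chunk
                except OSError:
                    pass
            self.received["tcp"].extend(
                raw.decode(errors="replace") for raw in buf.split(b"\n") if raw)

    def _serve_udp(self):
        while self._running:
            try:
                data, _ = self._udp.recvfrom(65535)
            except socket.timeout:
                continue
            except OSError:
                return
            self.received["udp"].append(data.decode(errors="replace").rstrip("\n"))

    def close(self):
        self._running = False
        for s in (self._tcp, self._udp):
            if s is not None:
                s.close()


def forward(line, host, port, transport):
    """Forward one line like a syslog daemon: a UDP datagram (sysklogd '@host' style)
    or a newline-terminated TCP stream (rsyslog '@@host:port' style). Returns True if
    the send call succeeded; a UDP send succeeds even when nobody is listening, which
    is why a UDP forwarder logs no error while the messages simply vanish."""
    data = (line + "\n").encode()
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(data, (host, port))
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(2)
                s.connect((host, port))
                s.sendall(data)
        return True
    except OSError:
        return False


def check_transports(tcp=True, udp=False):
    """Open a listener with the given transports, forward one test message over
    each transport, and report per transport whether it was sent and received."""
    listener = SyslogListener(tcp=tcp, udp=udp)
    try:
        line = build_rfc3164(1, 5, "centos5-box", "logstash-test", "hello from example")
        result = {}
        for transport in ("udp", "tcp"):
            sent = forward(line, HOST, listener.port, transport)
            deadline = time.time() + 2
            while time.time() < deadline and line not in listener.received[transport]:
                time.sleep(0.05)
            result[transport] = {"sent": sent, "received": line in listener.received[transport]}
        return result
    finally:
        listener.close()


if __name__ == "__main__":
    print("TCP-only listener:", check_transports(tcp=True, udp=False))
    print("TCP+UDP listener: ", check_transports(tcp=True, udp=True))
```

Against a TCP-only listener the UDP send reports success but nothing is received, which is the silent failure mode to rule out first; against a listener with both transports open, both arrive. To run the same check against the real server, point `forward()` at the ELK host and port 1514 from the CentOS 5 box and watch the Logstash output for the `logstash-test` tag.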