Suggested pipeline for rsyslog

Hi everyone!

Quite new user to the ELK stack, and after reading a lot of docs/threads, I'd like some suggestions about my current situation.

I have a couple of SOHO routers running OpenWrt, a Proxmox server and a VPS. I'd like to centralize these types of logs:

  • OpenWRT: syslog + fw (--log-prefix added)
  • Proxmox: syslog
  • VPS: syslog + fw (--log-prefix added) + nginx + fail2ban

As OpenWRT can't run filebeat, I have to rely on rsyslog (already configured). I'm able to view some rsyslog messages using this tutorial (rsyslogd -> logstash -> Elasticsearch), but I was wondering whether there's an easier way (aka KISS) to do that.

I was thinking about at least two solutions:

  • using the syslog filebeat input module to gather syslog from OpenWRT, then Logstash to extract either syslog or iptables information and filebeat for Proxmox and VPS.
  • using rsyslog to store every event locally and then using the adequate module to use the predefined dashboards.

What do you think? Any other easy solutions?

Thanks!
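Whichever shipper ends up in front of Logstash, the work the poster describes as "extract either syslog or iptables information" comes down to two parsing steps: the RFC 3164 header that rsyslog puts in front of every forwarded line, and, for kernel messages produced by the netfilter LOG target, the `--log-prefix` string followed by `KEY=VALUE` fields. The following Python is an added example, not code from the original post or from any of the projects mentioned; it shows both steps on constructed sample lines so that the field names a dashboard would key on (prefix, SRC, DST, PROTO, DPT, TCP flags) are explicit. The `fw-drop-wan` prefix, host name and addresses are invented for the example.

```python
"""Parse rsyslog-forwarded OpenWrt lines: the RFC 3164 header plus, for
netfilter LOG-target messages, the --log-prefix and KEY=VALUE fields."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# <PRI>Mon DD HH:MM:SS host tag[pid]: message  (rsyslog traditional forward format)
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
# netfilter LOG output: optional printk "[secs.usecs]", the user's --log-prefix,
# then KEY=VALUE tokens starting at IN=, with bare TCP flag tokens (SYN, ACK, ...)
FW_RE = re.compile(r"^(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>.*?)\s*(?P<kv>IN=.*)$")
KV_RE = re.compile(r"([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample lines in the shape rsyslog forwards them; the prefix,
# host name and addresses are made up for this example.
SAMPLE_LINES = [
    "<4>Jan 12 10:15:32 openwrt kernel: [12345.678901] fw-drop-wan: IN=eth0 OUT= "
    "MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=203.0.113.7 DST=198.51.100.2 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=443 DPT=23 "
    "WINDOW=1024 RES=0x00 SYN URGP=0",
    "<4>Jan 12 10:15:33 openwrt kernel: [12346.001122] fw-drop-wan: IN=eth0 OUT= "
    "SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "<30>Jan 12 10:15:40 openwrt dropbear[1234]: Password auth succeeded "
    "for 'root' from 192.0.2.10:51234",
]


@dataclass
class Event:
    facility: Optional[int]
    severity: Optional[int]
    timestamp: str
    host: str
    program: str
    pid: Optional[int]
    message: str
    fw: Optional[dict] = None  # filled only for netfilter LOG lines


def parse_firewall(msg: str) -> Optional[dict]:
    """Return the structured fields of a netfilter LOG message, or None."""
    m = FW_RE.match(msg)
    if not m:
        return None
    # Caveat: ICMP lines carry ID twice (IP header and ICMP header); the
    # dict keeps the last one, so do not rely on raw["ID"] for ICMP.
    raw = dict(KV_RE.findall(m.group("kv")))
    flags = [tok for tok in m.group("kv").split() if tok in TCP_FLAGS]

    def port(key: str) -> Optional[int]:
        return int(raw[key]) if raw.get(key, "").isdigit() else None

    return {
        "prefix": m.group("prefix").strip(" :"),
        "in": raw.get("IN", ""),
        "out": raw.get("OUT", ""),   # empty for INPUT-chain drops
        "src": raw.get("SRC"),
        "dst": raw.get("DST"),
        "proto": raw.get("PROTO"),
        "spt": port("SPT"),          # absent for ICMP, which has TYPE/CODE instead
        "dpt": port("DPT"),
        "flags": flags,
        "raw": raw,
    }


def parse_line(line: str) -> Optional[Event]:
    """Split the syslog header; decode PRI into facility/severity."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    pri = int(m.group("pri")) if m.group("pri") else None
    msg = m.group("msg")
    return Event(
        facility=(pri >> 3) if pri is not None else None,
        severity=(pri & 7) if pri is not None else None,
        timestamp=m.group("ts"),
        host=m.group("host"),
        program=m.group("tag"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        message=msg,
        fw=parse_firewall(msg) if m.group("tag") == "kernel" else None,
    )


def dropped_ports(lines) -> Counter:
    """Count firewall hits per (prefix, protocol, destination port), the
    aggregation a firewall dashboard would typically chart."""
    hits: Counter = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev and ev.fw:
            hits[(ev.fw["prefix"], ev.fw["proto"], ev.fw["dpt"])] += 1
    return hits


if __name__ == "__main__":
    for key, n in dropped_ports(SAMPLE_LINES).items():
        print(key, n)
```

The same two-stage split (syslog header first, then a prefix-gated `KEY=VALUE` parse only for `kernel` lines) is what a Logstash grok/kv filter pair would do; keeping the `--log-prefix` as its own field is what lets drops from different chains or routers be told apart once everything lands in one index.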
