Hi everyone !
Quite new user to the ELK stack, and after reading a lot of docs/threads, I'd like some suggestions about my current situation.
I have a couple of SOHO router running Openwrt, a Proxmox server and a VPS. I'd like to centralize these type of logs:
- OpenWRT: syslog + fw (
--log-prefixadded) - Proxmox: syslog
- VPS: syslog + fw (
--log-prefixadded) + nginx + fail2ban
As OpenWRT can't run filebeat, I have to rely on rsyslog (already configured). I'm able to view some rsyslog using this tutorial (rsyslogd -> logstash -> Elasticsearch) but I was wondering there's an easier way (aka KISS) to do that.
I was thinking about at leat two solutions:
- using the syslog filebeat input module to gather syslog from OpenWRT, then Logstash to extract either syslog or iptables information and filebeat for Proxmox and VPS.
- using rsyslog to store every events locally and then using the adequate module to use the predefined dashboards.
What do you think ? Any other easy solutions ?
Thanks !