Suggested pipline for rsyslog

aqwserf · December 3, 2021, 5:03pm

Hi everyone !

Quite new user to the ELK stack, and after reading a lot of docs/threads, I'd like some suggestions about my current situation.

I have a couple of SOHO router running Openwrt, a Proxmox server and a VPS. I'd like to centralize these type of logs:

OpenWRT: syslog + fw (--log-prefix added)
Proxmox: syslog
VPS: syslog + fw (--log-prefix added) + nginx + fail2ban

As OpenWRT can't run filebeat, I have to rely on rsyslog (already configured). I'm able to view some rsyslog using this tutorial (rsyslogd -> logstash -> Elasticsearch) but I was wondering there's an easier way (aka KISS) to do that.

I was thinking about at leat two solutions:

using the syslog filebeat input module to gather syslog from OpenWRT, then Logstash to extract either syslog or iptables information and filebeat for Proxmox and VPS.
using rsyslog to store every events locally and then using the adequate module to use the predefined dashboards.

What do you think ? Any other easy solutions ?

Thanks !

system · December 31, 2021, 5:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending logs to syslog using logstash Logstash	17	822	July 7, 2023
How to configure Logstash and Syslog ng to send and recieve logs? Logstash	6	3820	February 2, 2020
Design options for ingesting syslog data Logstash	5	1256	May 18, 2020
Simple Central log monitoring with ELK Logstash	21	2703	September 13, 2021
Filebeat vs syslog Beats filebeat	2	7445	July 5, 2017

Suggested pipline for rsyslog

Related Topics