Hi All
We have centralize logging server setup across network.
All the devices of Cisco or other devices send logs to SYSLOG-NG Server. they store in based on the IP and date and time as in folder.
Now i would like to take that date and create a easy dashboard and alert system.
I am thinking to 2 options here.
What is your suggestion ?
Thank you
R!
You can also simplify it to syslog-ng -> elasticsearch -> Kibana: https://www.balabit.com/blog/logging-to-elasticsearch-made-simple-with-syslog-ng/
Thank you, i have seen that post already,
As per my understanding, new syslog-ng can directly send the logs to elasticsearch.
But i am looking some normalization before sending to elasticsearch, due to heavy traffic from ASA or Checkpoint.
So i was thinking to use use logstash between, make sense ?
R!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.