[pve-devel] pve-firewall: using NFLOG
Eric Blevins
eric at netwalk.com
Thu Mar 13 17:31:55 CET 2014
>>
>> I'm thinking about log centralisation in kibana webinterface, like this:
>>
>> https://home.regit.org/2014/03/suricata-ulogd-splunk-logstash/
>
> Well, looks like we just need to write a format those tools can read?

Logstash can read just about anything; it can also listen on UDP or TCP
and accept data in a format you specify.

Logstash uses ElasticSearch to store the data, a scalable
document-oriented search engine. Very easy to create a redundant HA
ElasticSearch cluster too. You could also just put the data directly into
ES and save resources by not using logstash.

Kibana is an awesome UI for logstash data stored in ES; it can store
pre-configured dashboards. Proxmox could create a dashboard for each
VM/Node, then simply link to them:
https://logserver/#/dashboard/elasticsearch/VM101

This might not be a good fit for all Proxmox users.
I would prefer to tell Proxmox to send data to my existing logstash cluster.