Questions tagged [centralized-logging]

32 questions
10 votes, 2 answers

What is the equivalent of 'sudo yum install -y awslogs' for apt-get?

According to aws documentation, this is the command to install the aws-log agent: sudo yum install -y awslogs However since I am using ubuntu, I have to use apt-get. But the aws-log package is not available. Is there an equivalent of the aws-log…
Anthony Kong
5 votes, 1 answer

AWS Cloudwatch Agent not picking up changes

I'm stumped. I have two log files being watched by the AWS CloudWatch agent. The first one, /var/log/nginx/access.log, works perfectly fine. The second, /var/log/otherserver/access.log, is not having any changes picked up. Not eventually, not ever…
lsh
3 votes, 2 answers

Windows Event Forwarding large scale with multiple domains

Let me start off explaining what I'm trying to do: We have an RMM tool installed on lots of Windows servers. It is able to send Windows Event Logs to a central store, but not in an efficient or reliable way. I'd like to use the native WEF on Windows…
3 votes, 1 answer

Handling log files across multiple Windows Servers

I have an application that at any time could be running on 1 of 4 windows servers. Hence, if I am looking for a specific log item, it could be in any of the 4 log files. What I am looking to do is find a solution where I only need to look in one…
2 votes, 0 answers

Skype for Business Centralized Logging Issue

I am trying to use logging to troubleshoot an issue with federation between Skype for Business & Cisco Jabber. Said federation works fine for me but not for a couple of my co-workers. When I start logging using ClsLogger.exe (Start-CsClsLogging)…
smccloud
2 votes, 0 answers

Clean old release files in Sentry

I'm self-hosting Sentry 8 and /var/lib/sentry/files grew to a significant size. I tried launching a script to go through each project's releases via the API, select those older than X days, and remove all files relating to those releases. It seemed…
mpitt
2 votes, 2 answers

syslog direct to AWS cloudwatch?

Is there a way to push POSIX syslog records directly to AWS cloudwatch? I know Cloudwatch can be rigged to look at the /var/log/messages files and similar. But is there a way -- a syslog.conf(5) setting, or a rfc5424 compatible listener, or some such…
2 votes, 1 answer

Ignoring Healthchecks With Graylog-Collector

I have a log file with a mix of health checks and actual hits in it. I'd like to collect all the logs except the /healthcheck hits. Can graylog-collector handle this for me? I've read through the documentation here, but I don't see anything relevant…
Jon Buys
2 votes, 0 answers

How can I separate logs with rsyslog from a remote location for devices using the same IP?

I have a number of Yealink SIP phones at different locations that I am trying to centralize log collection for. I have set up a CentOS server at my main location with rsyslog. I am forwarding all traffic from UDP 514 to this server. There is no way…
1 vote, 2 answers

What are some good patterns for cleaning up noisy logging alerts

In addition to traditional logging from applications going into e.g. Elasticsearch, an organisation may have an alerting system "Sentry" that receives log messages/exception events sent by applications over HTTP, and notifies developers of potential…
1 vote, 0 answers

Logwatch for multiple log 'root directories' on a central log server?

I have multiple clusters, each with a service machine that also collects all the logs (rsyslog and RELP). I started separating them to /data/logs//* so the messages, maillog and other files are separate for each remote host in its own…
Ira
1 vote, 1 answer

Apache piped logging failing

I am trying to write a simple apache piped logging directive and I am getting a failure. I just want to grep out 200 response codes for centralizing my log files to ELK. This is the custom log format that I created. LogFormat "%s %h %l %u %t \"%r\"…
Christopher
1 vote, 1 answer

Auditd not sending logs to centralized auditd log server

We have set up centralized logging of auditd messages for two machines: machine (www22.domain.com) is the source (centos8) machine (cls.domain.com) is the centralized log server (centos7) This was done in the standard way using auditd+audisp…
Ján Lalinský
1 vote, 0 answers

Rsyslog Filter in Ruleset

I want to create a central rsyslog server, and I want to create a file per type of log received. I need a filter that will look for specific strings in the incoming messages and then place them in the separate log files. So if I see a log from a…
1 vote, 2 answers

Why is a labels stage in my Promtail's ingestion pipeline without effect?

This is a part of my Promtail scrape configuration on various hosts to collect journald log entries to a Loki instance: - job_name: journald journal: labels: job: journald relabel_configs: - source_labels: -…
funky-future