What do you use a Central log server?

Hello, dear colleagues.

I have a need to create a Central log server (web interface), I tried to collect logs using rsyslog, it is very strange works, I tried to put ELK, but for some reason I can't connect other server to send the logs with them.

What programs do you use? Maybe there's a manual there or something, and I was racking my brain, I would be very grateful.

P. S the essence of the task: to collect from 30-40 servers, 15 routers logs on one server and to visualize them by type (ELK, LogAnalizer).
April 3rd 20 at 18:41
3 answers
April 3rd 20 at 18:43
rsyslog works fine. And ELK too. And Graylog. And even syslog-ng is running. Narrow.
I somehow rsyslog didn't want to work correctly, it sends data from one server another is not wanted for some reason, the ELK stack I have raised, but could not through Filebeat to send logs from the remote server to Central. for Graylog hear for the first time, and on account of syslog-ng I found the Visualizer, or I badly searched. - Dedric.V commented on April 3rd 20 at 18:46
@Dedric.V, filebeat quite simple, it is not clear that you do not go out. But try it sampit for fluentd - broo commented on April 3rd 20 at 18:49
And Graylog and logstash can get data via syslog Protocol. On client machines configure rsyslog to send logs over the network to the server catch them. - dexter16 commented on April 3rd 20 at 18:52
Okay, okay I will try, at the moment, thank you very much) - Dedric.V commented on April 3rd 20 at 18:55
By the way, I installed everything according to this manual
https://www.8host.com/blog/ustanovka-steka-elastic... - Dedric.V commented on April 3rd 20 at 18:58
April 3rd 20 at 18:45
ELK - or, or cloud (Logz.io, Elastic, AWS).
I tried to put wiped ELK but I was not connected to other servers

please send details, help
April 3rd 20 at 18:47
That ELK stands are not connected, - it is necessary to look for ways to connect + volume of logs (to send the logs by a few hundred kills in UPD without specific developments is a bad idea). In General, rsyslog local + remote ELK - will solve all your problems.

Find more questions by tags System administrationLogging