Central Logging Options – need flat file as well as elastic search

I would like to have ephemeral EC2 instances push logs to a central flat-file store for archiving and manual perusing, as well as have that data pushed to Elasticsearch. Is there a single agent that can tail local log files and both push them to a central flat-file store as well as push them …

syslog clipping for particular applications

I have a few particular applications that are causing a LOT of logs in my syslog server. I would like to keep all of their logging in /var/log/messages or somewhere on the server, but I am trying to find a way to only send syslog messages to the syslog server for these apps if they …

Cannot write IIS logs to Azure Files Share

I’d like to configure IIS (8.5) on an Azure VM to log to an Azure Files share. I’ve proved access to the share by remoting onto the VM and persisting credentials using cmdkey and then navigating successfully via the UNC path in Windows Explorer. When I configure the IIS logging directory to point to the …

Can’t get Freeradius2 to send logs to syslog-ng version 3.5

I have a syslog-ng 3.5 and FreeRADIUS 2 Ubuntu Server 16.04, both running as virtual machines on a VMware ESXi 5.5 hypervisor. Well, from a previous post I got syslog-ng to send logs from the /var/log/fereradius/radius.log directory to a remote syslog-ng server. The problem is I have almost no space left on the FreeRADIUS server. And I …

Is it possible to automatically collect chromebook system logs for SIEM ingestion?

I’m planning to have a subset of end users running Chromebooks and would like to ingest system logs for those devices into a SIEM solution. Is there a way to do this? I see from Google documentation that there’s a manual process for retrieving logs, but I’m not seeing a method to automatically forward logs …

Auditd not sending to remote central server

I’m setting up a central server using rsyslog and auditd on CentOS 8. I was following this guide on how to send remote audit logs to my central server. Note: instead of going to /etc/audisp/, these files can be found in /etc/audit/ instead. So I had the following configurations on both servers. Client: /etc/audit/auditd.conf log_format …

rsyslogd stores remote logs to duplicate location

I configured rsyslog to store remote logs coming in under a custom directory: /var/log/fleet. The logs created in the hostname- and program-derived directories are created where intended, but the syslog of each remote host. Unintended behavior is that all remote logs from all hosts go to one file under /var/log/fleet/syslog. The following configs are used: …

How to differentiate docker containers in stackdriver logging?

I have a VM in GCE with Docker installed. There I run containers using the Google Cloud Logging driver. I can see the logs in Stackdriver Logging. However, I can’t easily browse between logs of different containers. All the containers’ logs get indexed under the logName projects/my-project/logs/gcplogs-docker-driver. Is there any way to have fields on …