cloudstack-users mailing list archives

From Tamas Monos <tam...@veber.co.uk>
Subject RE: Splunk
Date Thu, 18 Oct 2012 12:59:13 GMT
Hi,

You could use syslog-ng on your management servers.
Set up a file source for syslog-ng (e.g.):
file("/var/log/managementserver.log" program_override("CS-Manager1: "));

Then set up a remote destination (e.g.):
destination d_tls {
    tcp("splunk.myserver.com" port(516)
        tls( ca_dir("/opt/syslog-ng/etc/ca.d")
             key_file("/opt/syslog-ng/etc/key.d/syslog.key")
             cert_file("/opt/syslog-ng/etc/cert.d/syslog.crt"))
    );
};

Then tell syslog-ng what to do (e.g.):
log {
    source(s_local);
    destination(d_messages);
    destination(d_tls);
};

On the Splunk box you should have another syslog-ng running if you want TLS, and redirect it
into Splunk from there; otherwise just point it at your Splunk listener.
Hope this helps.

Regards

Tamas Monos                                               DDI         +44(0)2034687012
Chief Technical                                             Office    +44(0)2034687000
Veber: The Hosting Specialists               Fax         +44(0)871 522 7057
http://www.veber.co.uk

Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost


-----Original Message-----
From: Mathias Mullins [mailto:mathias.mullins@citrix.com] 
Sent: 17 October 2012 18:40
To: cloudstack-users@incubator.apache.org
Subject: Splunk

We are trying to set up Splunk to do log parsing for a cluster of 4 management servers. Does
someone have some experience on this or some script settings that have been effective with
them?

Thanks,
Matt
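
The receiving side described in the reply above (a second syslog-ng on the Splunk box that terminates TLS and hands the stream to Splunk), as an added example that is not part of the original message. The names s_tls and d_splunk, the receiver key and certificate paths, and the Splunk TCP input on 127.0.0.1:5514 are assumptions; port 516 matches the sender's d_tls.

```conf
# Added example: syslog-ng on the Splunk host. Names, paths and the local
# Splunk port are assumptions, not taken from the original message.

# TLS listener for the management servers; 516 matches the sender's d_tls.
source s_tls {
    tcp(ip("0.0.0.0") port(516)
        tls(
            key_file("/opt/syslog-ng/etc/key.d/receiver.key")
            cert_file("/opt/syslog-ng/etc/cert.d/receiver.crt")
            ca_dir("/opt/syslog-ng/etc/ca.d")
            # Require a client certificate that chains to a CA in ca_dir,
            # so only your own senders can write into the log stream.
            peer_verify(required-trusted)
        )
    );
};

# Plain TCP hand-off to a Splunk TCP input bound to loopback only,
# so the unencrypted hop never leaves the host.
destination d_splunk {
    tcp("127.0.0.1" port(5514));
};

log {
    source(s_tls);
    destination(d_splunk);
};
```

With peer_verify(required-trusted), the certificate each management server presents from its d_tls key_file/cert_file must be signed by a CA present in this ca_dir, and the sender's ca_dir must in turn contain the CA that signed the receiver certificate.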

