[pve-devel] pve-firewall: using NFLOG

Eric Blevins eric at netwalk.com
Thu Mar 13 17:31:55 CET 2014


>>
>> I'm thinking about log centralisation in kibana webinterface, like this:
>>
>> https://home.regit.org/2014/03/suricata-ulogd-splunk-logstash/
>
> Well, looks like we just need to write a format those tools can read?

Logstash can read just about anything; it can also listen on UDP or TCP
and accept data in a format you specify.

Logstash uses ElasticSearch to store the data, a scalable
document-oriented search engine. Very easy to create a redundant HA
ElasticSearch cluster too. You could also just put the data directly
into ES and save resources by not using logstash.

Kibana is an awesome UI for logstash data stored in ES; it can store
pre-configured dashboards. Proxmox could create a dashboard for each
VM/Node, then simply link to them:
https://logserver/#/dashboard/elasticsearch/VM101

This might not be a good fit for all Proxmox users.
I would prefer to tell Proxmox to send data to my existing logstash cluster.





