Logging
Different logging servers
Here you will find some examples of how to utilize Splunk in different ways.

Example of how to find all hostnames and source files that are reporting data for a sourcetype:

index=* sourcetype="f5:bigip:syslog" hostname="*" | stats count by hostname host source

This example will show you hostname, source and the stats per device, so you can identify whether all your devices are reporting to Splunk as you thought, and also which devices are reporting a lot of data (maybe debug is turned on).

Another pretty quick query that I prefer is this one:

| tstats count as totalCount earliest(_time) as firstTime latest(_time) as lastTime where index="*" sourcetype=…
Last reply by rev.dennis
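The same check the post does with `stats count by hostname host source`, carried out offline so the failure modes it hints at are explicit: devices in your inventory that never report, devices far above the median volume, and devices whose PRI value shows debug-severity messages (the "maybe debug is turned on" case). This is an added example, not code from the post or from Splunk; the host names, file paths, inventory list and log lines are constructed, and the noisy-host threshold (10x the median) is an arbitrary assumption.

```python
import re
from collections import Counter
from statistics import median

# RFC 3164 line as an F5 BIG-IP forwards it: "<PRI>Mmm dd hh:mm:ss HOST TAG[pid]: msg".
# PRI = facility * 8 + severity; severity 7 is "debug".
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?"
    r"(?P<msg>.*)$"
)
SEVERITY_DEBUG = 7


def parse_syslog(line):
    """Return the parsed fields, or None if the line is not RFC 3164 shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0-23 and severity 0-7 give at most 23*8+7
        return None
    return {
        "hostname": m.group("host"),
        "tag": m.group("tag"),
        "facility": pri // 8,
        "severity": pri % 8,
        "msg": m.group("msg"),
    }


def count_by_host_source(events):
    """Offline equivalent of `stats count by hostname source` over (source, _raw) pairs."""
    counts = Counter()
    for source, raw in events:
        rec = parse_syslog(raw)
        if rec:  # unparsable lines are dropped, as they would not carry a hostname field
            counts[(rec["hostname"], source)] += 1
    return counts


def audit_reporting(events, expected_hosts, noisy_factor=10):
    """Flag inventory hosts that sent nothing, hosts far above the median volume,
    and hosts emitting debug-severity messages."""
    counts = count_by_host_source(events)
    per_host = Counter()
    for (host, _source), n in counts.items():
        per_host[host] += n
    debug_hosts = set()
    for _source, raw in events:
        rec = parse_syslog(raw)
        if rec and rec["severity"] == SEVERITY_DEBUG:
            debug_hosts.add(rec["hostname"])
    med = median(per_host.values()) if per_host else 0
    return {
        "counts": dict(counts),
        "per_host": dict(per_host),
        "missing": sorted(set(expected_hosts) - set(per_host)),
        "unexpected": sorted(set(per_host) - set(expected_hosts)),
        "noisy": sorted(h for h, n in per_host.items() if n > noisy_factor * med),
        "debug": sorted(debug_hosts),
    }


# Constructed sample data (not from the original post): (source, _raw) pairs
# mimicking Splunk's fields for sourcetype f5:bigip:syslog. PRI 134 is local0.info,
# 135 is local0.debug, 38/37 are auth.info/auth.notice. lb-dc2-01 floods debug
# messages; lb-dc2-02 is in the inventory but never reports.
def build_sample_events():
    src = "/var/log/remote/{}/bigip.log"
    events = [
        (src.format("lb-dc1-01"), "<134>Jan 10 10:00:01 lb-dc1-01 tmm[1234]: 01010028:3: No members available for pool /Common/web_pool"),
        (src.format("lb-dc1-01"), "<134>Jan 10 10:00:05 lb-dc1-01 mcpd[2345]: 01070638:5: Pool /Common/web_pool member /Common/10.0.0.5:80 monitor status up."),
        (src.format("lb-dc1-01"), "<38>Jan 10 10:00:09 lb-dc1-01 sshd[3456]: Accepted publickey for admin from 10.0.1.10 port 51244 ssh2"),
        (src.format("lb-dc1-01"), "<134>Jan 10 10:00:12 lb-dc1-01 tmm[1234]: 01010028:3: Pool /Common/web_pool now has available members"),
        (src.format("lb-dc1-02"), "<134>Jan 10 10:00:02 lb-dc1-02 mcpd[2345]: 01070727:5: Pool /Common/web_pool member /Common/10.0.0.6:80 monitor status up."),
        (src.format("lb-dc1-02"), "<134>Jan 10 10:00:07 lb-dc1-02 tmm[1234]: 01010028:3: No members available for pool /Common/api_pool"),
        (src.format("lb-dc1-02"), "<37>Jan 10 10:00:11 lb-dc1-02 sshd[3456]: Failed password for invalid user root from 203.0.113.7 port 40100 ssh2"),
        (src.format("lb-dc1-02"), "garbage line with no syslog header"),
    ]
    for i in range(50):
        events.append((src.format("lb-dc2-01"),
                       f"<135>Jan 10 10:01:{i % 60:02d} lb-dc2-01 tmm[1234]: 01230140:7: RST sent from 10.0.2.5:443 to 10.0.9.{i}:5000"))
    return events


EXPECTED_HOSTS = ["lb-dc1-01", "lb-dc1-02", "lb-dc2-01", "lb-dc2-02"]

if __name__ == "__main__":
    report = audit_reporting(build_sample_events(), EXPECTED_HOSTS)
    for (host, source), n in sorted(report["counts"].items()):
        print(f"{host:10} {source:40} {n}")
    print("missing:", report["missing"])
    print("noisy:", report["noisy"])
    print("debug on:", report["debug"])
```

The inventory comparison is the part a bare `stats count` cannot give you: Splunk only shows hosts that sent something, so a silent device is invisible unless you join against a lookup of what should be reporting. Reading the severity out of PRI also separates "debug is on" from "this device is simply busy", which volume alone cannot.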
This is what I have working at the moment. All the remote devices just point to an Ubuntu box that is running syslog-ng.

$ cat /etc/syslog-ng/syslog-ng.conf
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.

# First, set some global options.
options { flush_lines(0); use_dns(persist_only); use_fqdn(yes);
          owner(root); group(adm); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$"); normalize_hostnames(yes); keep_hostname(yes);
          create_dirs(yes); };

########################
# Sources
########################
source s_local { …
Last reply by rev.dennis
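The post's configuration is cut off above before its sources, so as an added example (not the poster's file) here is the receiving side of a central syslog-ng collector of the same kind: a network source for the remote devices, a mutually authenticated TLS source, and a per-device destination that relies on the `create_dirs(yes)` option the poster already set. Listening ports, file paths and certificate locations are assumptions; the syntax is syslog-ng 3.5 as declared in the post.

```conf
# Added example of the collector side, not the original poster's configuration.
# Ports, paths and certificate locations below are assumptions.
@version: 3.5
@include "scl.conf"

options {
    use_dns(no);               # no lookups at log time; HOST comes from the message or the peer IP
    keep_hostname(yes);        # trust the hostname the device wrote (see the TCP source for the caveat)
    normalize_hostnames(yes);  # lowercase HOST so one device does not split across directories
    create_dirs(yes);
    dir_perm(0750); perm(0640); owner(root); group(adm);
    flush_lines(0);
};

# Plain TCP for devices that cannot do TLS. Because nothing authenticates the
# sender, derive HOST from the peer address here rather than from the message;
# otherwise any client that can reach port 514 can write into another device's
# directory just by claiming its name.
source s_remote_tcp {
    network(ip("0.0.0.0") port(514) transport("tcp")
            max-connections(100) keep_hostname(no));
};

# Preferred path: TLS with client certificates, so only enrolled devices
# (certificates issued by the CA in ca-dir) can deliver logs at all.
source s_remote_tls {
    network(ip("0.0.0.0") port(6514) transport("tls")
            tls(key-file("/etc/syslog-ng/tls/collector.key")
                cert-file("/etc/syslog-ng/tls/collector.crt")
                ca-dir("/etc/syslog-ng/tls/ca.d")
                peer-verify(required-trusted)));
};

# One directory per sending device, one file per day.
destination d_per_device {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
         create_dirs(yes) dir_perm(0750) perm(0640));
};

log { source(s_remote_tcp); source(s_remote_tls); destination(d_per_device); };
```

The per-device file tree is what makes the Splunk `source` field in the first topic meaningful: the forwarder can monitor `/var/log/remote/` recursively and each device's path shows up as its own source. Check the result with `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf` before restarting, and confirm from a device that messages land under the expected directory and not under a name the device invented.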