ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    SysLog Forwarding for XenServer

    Scheduled Pinned Locked Moved IT Discussion
    rsyslogxenserverloggingkibanaelkelasticsearch
    110 Posts 10 Posters 28.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @DustinB3403
      last edited by

      @DustinB3403 said in SysLog Forwarding for XenServer:

      @BRRABill said in SysLog Forwarding for XenServer:

      @DustinB3403 said in SysLog Forwarding for XenServer:

      For anyone curious how to stop any local logging just modify

      /var/lib/syslog.conf
      

      Comment out everything that hits a local path, leaving the @<ip_addr> as the only option.

      Reboot and see if it sticks.

      It did not for me.

      Will test tomorrow.

      That was my issue. On reboot it would wipe out the changes I made.

      stacksofplatesS 1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates @BRRABill
        last edited by

        @BRRABill said in SysLog Forwarding for XenServer:

        @DustinB3403 said in SysLog Forwarding for XenServer:

        @BRRABill said in SysLog Forwarding for XenServer:

        @DustinB3403 said in SysLog Forwarding for XenServer:

        For anyone curious how to stop any local logging just modify

        /var/lib/syslog.conf
        

        Comment out everything that hits a local path, leaving the @<ip_addr> as the only option.

        Reboot and see if it sticks.

        It did not for me.

        Will test tomorrow.

        That was my issue. On reboot it would wipe out the changes I made.

        In a pinch you can do chattr +i on the rsyslog.conf file to make it immutable.

        BRRABillB 1 Reply Last reply Reply Quote 0
        • BRRABillB
          BRRABill @stacksofplates
          last edited by

          @stacksofplates said in SysLog Forwarding for XenServer:

          @BRRABill said in SysLog Forwarding for XenServer:

          @DustinB3403 said in SysLog Forwarding for XenServer:

          @BRRABill said in SysLog Forwarding for XenServer:

          @DustinB3403 said in SysLog Forwarding for XenServer:

          For anyone curious how to stop any local logging just modify

          /var/lib/syslog.conf
          

          Comment out everything that hits a local path, leaving the @<ip_addr> as the only option.

          Reboot and see if it sticks.

          It did not for me.

          Will test tomorrow.

          That was my issue. On reboot it would wipe out the changes I made.

          In a pinch you can do chattr +i on the rsyslog.conf file to make it immutable.

          Yeah on the bottom of that article everyone talks about it basically says to change the permission to make it unwritable.

          But they call that a QUOTE dirty, dirty tirck UNQUOTE.

          1 Reply Last reply Reply Quote 0
          • BRRABillB
            BRRABill @BRRABill
            last edited by

            @BRRABill said in SysLog Forwarding for XenServer:

            @momurda said in SysLog Forwarding for XenServer:

            I donwloaded the Graylog OVA this morning to test it out and put it on my XS pool.

            I cannot get it to import onto my XS.

            Did you just import it in with no issues?

            I tried on my other XS and it worked fine.

            Must have been a memory issue on my test one.

            1 Reply Last reply Reply Quote 0
            • BRRABillB
              BRRABill @momurda
              last edited by

              @momurda said in SysLog Forwarding for XenServer:

              I think it is important to note that the graylog ova is preconfigured to 'just work' according to their site, and it seems to do just that. I will try adding some of my windows vm to this and see what happens later today or tomorrow.

              Once I had it imported onto my XS, I had it logging in seconds.

              Pretty sweet.

              If only I was using open source and virtualization years ago!!!!!!

              1 Reply Last reply Reply Quote 2
              • momurdaM
                momurda @BRRABill
                last edited by

                @BRRABill
                Yes, no issues. Didn't even use the fixup disc option. Took a few minutes to start up but it worked right away

                BRRABillB 1 Reply Last reply Reply Quote 0
                • BRRABillB
                  BRRABill @momurda
                  last edited by

                  @momurda said in SysLog Forwarding for XenServer:

                  @BRRABill
                  Yes, no issues. Didn't even use the fixup disc option. Took a few minutes to start up but it worked right away

                  Yep, pretty sweet indeed.

                  When I get some time I'm going to forward all my Windows event logs there.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @BRRABill
                    last edited by

                    @BRRABill said in SysLog Forwarding for XenServer:

                    @momurda said in SysLog Forwarding for XenServer:

                    @BRRABill
                    Yes, no issues. Didn't even use the fixup disc option. Took a few minutes to start up but it worked right away

                    Yep, pretty sweet indeed.

                    When I get some time I'm going to forward all my Windows event logs there.

                    You've got GrayLog2 working now?

                    BRRABillB 1 Reply Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @scottalanmiller
                      last edited by

                      @scottalanmiller said in SysLog Forwarding for XenServer:

                      @BRRABill said in SysLog Forwarding for XenServer:

                      @momurda said in SysLog Forwarding for XenServer:

                      @BRRABill
                      Yes, no issues. Didn't even use the fixup disc option. Took a few minutes to start up but it worked right away

                      Yep, pretty sweet indeed.

                      When I get some time I'm going to forward all my Windows event logs there.

                      You've got GrayLog2 working now?

                      Yeah it was super simple.

                      1 Reply Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill
                        last edited by

                        I am the new King of Open Source.

                        dafyreD 1 Reply Last reply Reply Quote 0
                        • dafyreD
                          dafyre @BRRABill
                          last edited by

                          @BRRABill said in SysLog Forwarding for XenServer:

                          I am the new King of Open Source.

                          H aha ha. How's that?

                          BRRABillB 1 Reply Last reply Reply Quote 0
                          • BRRABillB
                            BRRABill @dafyre
                            last edited by

                            @dafyre said in SysLog Forwarding for XenServer:

                            @BRRABill said in SysLog Forwarding for XenServer:

                            I am the new King of Open Source.

                            H aha ha. How's that?

                            It's my answer to anything.

                            Need a new logging server? Open Source!

                            Need a new XXXXXX? Open Source!

                            1 Reply Last reply Reply Quote 1
                            • 1
                            • 2
                            • 3
                            • 4
                            • 5
                            • 6
                            • 4 / 6
                            • First post
                              Last post