Monitor syslog file

Hi,

I am sure I am missing something or just don't get it but …

I have a syslog file that is on a central Linux server and all remote Linux servers send their syslog to it via rsyslog.

I need to be able to monitor/analyse that central syslog file and produce reports and email alerts etc from it.

I can't seem to find the best way to get to this using Icinga.

Can anyone advise?

Thanks.

Dean.

Hi,

This has been discussed in this topic already: Icinga2 syslog docker

You might want to check possible integrations with log/event collection tools such as Elastic or Graylog, and integrate their alerts into Icinga then.

Cheers,
Michael

Hi Michael,

Thanks for the fast reply.

Yes, I did read that topic, but again I could not see the way it integrates the two together.

Also, I was trying to use Icinga to read and analyse the file itself … If I have to have Graylog between them, I may as well use the built-in functions in Graylog to do the analysis.

From your reply, I assume that means that Icinga cannot read and process the file itself?

Dean.

There are several scripts to monitor syslog files by parsing them, for example check_logs or check_logfiles.

For running those on the syslog server you will need to have either the Icinga 2 agent installed or use NRPE to execute the script on the server itself.

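What a log-parsing check of this kind does when the agent or NRPE runs it on the syslog server, as an added example that is not check_logs, check_logfiles or code from the posts above. The script name, the two patterns and the state-file argument are assumptions; the exit codes follow the standard plugin convention (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).

```python
#!/usr/bin/env python3
"""Hypothetical plugin (not check_logfiles): alert on new lines in a central syslog file."""
import os
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard monitoring-plugin exit codes
# Constructed example patterns; replace with what matters on your hosts.
CRITICAL_RE = re.compile(r"Failed password for |Out of memory: Kill")
WARNING_RE = re.compile(r"\b(error|segfault)\b", re.IGNORECASE)


def check_log(log_path, state_path):
    """Return (exit_code, status_line) for lines appended since the previous run."""
    try:
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    except (FileNotFoundError, ValueError):
        offset = 0  # first run or damaged state file
    try:
        if offset > os.path.getsize(log_path):
            offset = 0  # log was rotated or truncated: start from the top
        crit, warn = [], []
        with open(log_path, "rb") as fh:
            fh.seek(offset)
            for raw in fh:
                if not raw.endswith(b"\n"):
                    break  # partial line still being written; read it next run
                offset += len(raw)
                # "|" separates status text from perfdata, so strip it from log text
                line = raw.decode("utf-8", "replace").strip().replace("|", "/")
                if CRITICAL_RE.search(line):
                    crit.append(line)
                elif WARNING_RE.search(line):
                    warn.append(line)
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - cannot read {log_path}: {exc}"
    with open(state_path, "w") as fh:
        fh.write(str(offset))  # remember position so each line alerts only once
    perf = f"|critical={len(crit)} warning={len(warn)}"
    if crit:
        return CRITICAL, f"CRITICAL - {len(crit)} critical line(s), last: {crit[-1]}{perf}"
    if warn:
        return WARNING, f"WARNING - {len(warn)} warning line(s), last: {warn[-1]}{perf}"
    return OK, f"OK - no matching new lines{perf}"

if __name__ == "__main__":
    usage = (UNKNOWN, "UNKNOWN - usage: check_central_syslog.py LOGFILE STATEFILE")
    code, text = check_log(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else usage
    print(text)
    sys.exit(code)
```

The account that runs the check needs read access to the central log and write access to the state file, and nothing more.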