On Mon, Feb 5, 2018 at 9:27 PM, James Bensley wrote:
> On 5 February 2018 at 18:57, wrote:
> > On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> >> I have no knowledge of syslog-ng. Does it do the
> >> real time scrolling like I mention?
> >
> > Use 'tail -f' or similar.
>
> The only p
On 2018-02-03 15:49, Scott Weeks wrote:
> Then, you can watch your network in real time
> like so (below is all one line):
>
> tail -f /var/log/router.log /var/log/switch.log | egrep -vi 'term1|term2|termN'
>
> 'egrep -v' takes out all the lines you don't
> want to see while the syslog messages scroll
> across
On Mon, 05 Feb 2018 20:27:13 +, James Bensley said:
> On 5 February 2018 at 18:57, wrote:
> > On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> >> I have no knowledge of syslog-ng. Does it do the
> >> real time scrolling like I mention?
> >
> > Use 'tail -f' or similar.
>
> The only
On 5 February 2018 at 18:57, wrote:
> On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
>> I have no knowledge of syslog-ng. Does it do the
>> real time scrolling like I mention?
>
> Use 'tail -f' or similar.
The only problem with BASH-based solutions is that they are
slow. They d
On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> I have no knowledge of syslog-ng. Does it do the
> real time scrolling like I mention?
Use 'tail -f' or similar.
--- sh...@short.id.au wrote:
In addition to that, you can use some fancy awk colour
coding, so you can make it highlight certain lines based
on content. I use this for my e-mail logs, but I’m sure
it could be adapted:
tail -n 1000 -f /var/log/mail-submission.log | grep smtp.*relay | awk '
--- ta...@lanparty.ee wrote:
> This is done with the 'logging facility'
> command on the devices:
>
> After defining your syslog server's IP
> address and the level of messaging you want
> (I set it to debug because I want to see
> everything):
>
> on the routers: logging facility local0
> on t
In addition to that, you can use some fancy awk colour coding, so you can make
it highlight certain lines based on content. I use this for my e-mail logs,
but I’m sure it could be adapted:
tail -n 1000 -f /var/log/mail-submission.log | grep 'smtp.*relay' | awk '
/sent/ {print "\033[32m" $0 "\033[0m"; next}   # green for delivered mail, then reset the colour
        {print}'                                # everything else passes through unchanged
I really recommend setting up fluentd, and then routing logging from there
- it makes it very easy to keep auditor-appeasing logs, while also having
important stuff sending pages. Log aggregation, organization, and search is
a hard problem, other people have already done it and provided it as a
ser
hey,
This is done with the 'logging facility'
command on the devices:
After defining your syslog server's IP
address and the level of messaging you want
(I set it to debug because I want to see
everything):
on the routers: logging facility local0
on the switches: logging facility local1
Alt
--- jmai...@jmaimon.com wrote:
Centralized logging is a good thing. However,
what happens is that every repetitive, annoying
but not (usually) important thing fills up the
log with reams of what you are not looking for.
---
Apologies, I'm late to the party.
From the systems side we got HoneycombIO which shifts a bit to calling itself
events rather than logs management. I don't know anyone else who's tried using
it for networks per se but that's on my "interesting tech tools explorations"
medium length list.
-george
> On J
On Thu, Jan 25, 2018 at 11:10:02PM -0500, Joe Maimon wrote:
> What I am interested in is an automated zoom-in zoom-out tool to mask the
> repetition of "normal" events and allow the unusual to stand out.
This is an approach outlined by Marcus Ranum years ago; he called it
"artificial stupidity", a
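What the two ideas above are reaching for (the `tail -f | egrep -v` pipeline earlier in the thread, and the "artificial stupidity" approach of muting what repeats so the unusual stands out) can be prototyped in a few lines of shell. The following is an added example, not code from any poster in this thread: the log lines, hostnames and addresses are constructed, and `sample_log`, `filter_noise`, `squelch_repeats` and `watch_quiet` are names chosen here, not tools the thread refers to.

```shell
#!/bin/sh
# Added example, not code from the thread. Two stages: drop lines matching a
# known-noise regex (the egrep -v step), then collapse repeats of the same
# message template so only the first few of each get through.
# Replace sample_log with
#   tail -f /var/log/router.log /var/log/switch.log
# to run it against a live syslog stream.

# Constructed sample lines standing in for router/switch syslog output.
sample_log() {
  cat <<'EOF'
Feb  5 20:27:01 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down
Feb  5 20:27:02 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
Feb  5 20:27:03 rtr1 %LINK-3-UPDOWN: Interface Gi0/2, changed state to down
Feb  5 20:27:04 rtr1 %LINK-3-UPDOWN: Interface Gi0/2, changed state to up
Feb  5 20:27:05 sw1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
Feb  5 20:27:06 rtr1 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.9 started
Feb  5 20:27:07 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22]
Feb  5 20:27:08 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22]
EOF
}

# Stage 1: the egrep -v step. $1 is an extended regex of known noise
# ('term1|term2|termN' in the thread). An empty pattern would match every
# line and blank the stream, so refuse it instead of failing silently.
filter_noise() {
  [ -n "$1" ] || { echo "filter_noise: empty noise pattern" >&2; return 2; }
  grep -Eiv -e "$1"
}

# Stage 2: collapse repeats. Each line is reduced to a template by dropping
# the syslog timestamp and replacing digit runs with N, so Gi0/1 and Gi0/2
# flapping share one template. Only the first $1 (default 2) lines of each
# template pass through; the rest are counted and summarised at end of input.
squelch_repeats() {
  awk -v max="${1:-2}" '
  {
    key = $0
    sub(/^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ /, "", key)   # strip "Feb  5 20:27:01 "
    gsub(/[0-9]+/, "N", key)                             # 10.0.0.5 -> N.N.N.N, Gi0/1 -> GiN/N
    if (++seen[key] <= max) print
    else suppressed[key]++
  }
  END {
    for (k in suppressed)
      printf "[squelched %d more like: %s]\n", suppressed[k], k
  }'
}

# Full pipeline on the sample: mute two known-noise message types, then let
# only the first line of each remaining template through.
watch_quiet() {
  sample_log | filter_noise 'LOGGINGHOST|CONFIG_I' | squelch_repeats 1
}

watch_quiet
```

On the sample this leaves one "down" and one "up" link line, both login failures (different users, so different templates), and two `[squelched ...]` summary lines; the two muted message types never appear. Against a live `tail -f` the END summary only prints when the stream ends, and if you pipe awk's output onward rather than to a terminal, add `fflush()` after the `print` so lines are not held in awk's buffer.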
+1 for Graylog, you can pour ALL your syslog data into it, and then
configure what are called streams. Streams are a way to whittle down the
incoming log flows and see something LESS than everything. You can create
a stream that only shows these 6 devices, or one that only shows log info
fro
ELK stack.
Java RAM devouring monster but Kibana makes indexing easy.
-
Alain Hebert <aheb...@pubnix.net>
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443
On
On Fri, Jan 26, 2018 at 6:30 AM, Steven Miano wrote:
> either ELK (or any derivative thereof such as: Elasticache, Fluentd, Kibana)
I'm partial to graylog - it does some of the heavy lifting of getting a
logging-centric ELK stack up and running
-Ed
Splunk is the obvious solution that most organizations with a mature
security group will likely already have in their portfolio.
Going a step further, and with an abundance of skill, ability, and
forethought: either ELK (or any derivative thereof such as: Elasticache,
Fluentd, Kibana), or rsyslog
On Thu, Jan 25, 2018 at 8:11 PM Joe Maimon wrote:
> Hey All,
>
> Centralized logging is a good thing. However, what happens is that every
> repetitive, annoying but not (usually) important thing fills up the log
> with reams of what you are not looking for.
>
> Networks are a noisy place and sile
Hey All,
Centralized logging is a good thing. However, what happens is that every
repetitive, annoying but not (usually) important thing fills up the log
with reams of what you are not looking for.
Networks are a noisy place and silencing every logged condition is
impractical and sometimes u