Gentoo Archives: gentoo-user

From: "Stefan G. Weichinger" <lists@×××××.at>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] aggregate logs into Elasticsearch
Date: Sat, 04 Apr 2020 07:43:49
Message-Id: 8e156bd2-0bc6-94bb-caba-dbac8f80bf35@xunil.at
In Reply to: Re: [gentoo-user] aggregate logs into Elasticsearch by Ralph Seichter
On 03.04.20 at 17:57, Ralph Seichter wrote:
> * Stefan G. Weichinger:
>
>> My goal:
>>
>> collect logs of postfix, nginx into the docker-containers running ES,
>> Kibana .. and learn my way from there.
>
> If you are not dead-set on Elasticsearch et al, I propose considering
> MongoDB as an alternative.
>
> There are syslog modules that allow logging into MongoDB directly. On
> the DB side, collections (roughly equivalent to tables in relational
> databases) can be limited by size or by age, meaning that removing older
> data will happen automatically if you so wish.
>
> MongoDB also makes it easy to add data from sources with different data
> makeup to shared collections, because there is no rigid table structure.
>
> For analysis, MongoDB includes its own Aggregation Framework[1], which
> is very powerful and versatile. While probably not relevant to your
> needs right now, it even comes with built-in geolocation search.
>
> [1] https://docs.mongodb.com/manual/core/aggregation-pipeline/
>
> I think very highly of MongoDB and encourage you to look into it as a
> possibility and as an interesting technical concept.

Thanks for the feedback.

I am not at all set on ES, it just was part of an article I read lately,
and so I started with that docker-compose stack example.

Yesterday I spent quite a while trying to pipe the journald entries into
the fluentd container, quite complicated and messy in a way.

Maybe I'll look into mongodb as well, for example I found this small howto:

https://www.fluentd.org/guides/recipes/maillog-mongodb

In the end I look for a solution to aggregate (systemd/journald) logs
into one pile of data and to be able to analyze stuff there.

All these solutions seem rather complicated and overly "academic" to me
... but that might be my newbie status in this area.
