| 1 |
* Stefan G. Weichinger: |
| 2 |
|
| 3 |
> My goal: |
| 4 |
> |
| 5 |
> collect logs of postfix, nginx into the docker-containers running ES, |
| 6 |
> Kibana .. and learn my way from there. |
| 7 |
|
| 8 |
If you are not dead-set on Elasticsearch et al, I propose considering |
| 9 |
MongoDB as an alternative. |
| 10 |
|
| 11 |
There are syslog Modules that allow logging into MongoDB directly. On |
| 12 |
the DB side, collections (roughly equivalent to tables in relational |
| 13 |
databases) can be limited by size or by age, meaning that removing older |
| 14 |
data will happen automatically if you so wish. |
| 15 |
|
| 16 |
MongoDB also makes it easy to add data from sources with different data |
| 17 |
makeup to shared collections, because there is no rigid table structure. |
| 18 |
|
| 19 |
For analysis, MongoDB includes its own Aggregation Framework[1], which |
| 20 |
is a very powerful and versatile. While probably not relevant to your |
| 21 |
needs right now, It even comes with built-in geolocation search |
| 22 |
|
| 23 |
[1] https://docs.mongodb.com/manual/core/aggregation-pipeline/ |
| 24 |
|
| 25 |
I think very highly of MongoDB and encourage you to look into it as a |
| 26 |
possibility and as an interesing technical concept. |
| 27 |
|
| 28 |
-Ralph |
Archives