[AusNOG] Syslog

Nathan Sullivan nathan at nightsys.net
Tue Sep 29 14:31:38 EST 2015


Logstash can be CPU hungry depending on what type of logs and how much
processing you do on them. It scales out horizontally though and is
relatively stateless.

Elasticsearch is usually CPU (commonly for reads, especially bad with
suboptimal queries) and IO hungry, but it all varies with your log retention
period and volume of logs being ingested.

Kibana is also relatively stateless, acts as a client+server app, and a lot
of the actual resources are on the Elasticsearch or user browser side.


Overall though, the 3 work very well together.

Regards, Nathan.

On Tue, Sep 29, 2015 at 2:28 PM, Nick Stallman <nick at agentpoint.com> wrote:

> I tried it on a VPS for a while and it ran pretty well.
>
> The main problem was it only took a couple of weeks to run out of disk
> space grabbing logs from a handful of busy servers.
>
> On 29/09/15 14:26, James Morgan wrote:
>
>> I've seen the pretty pictures of Kibana running before (including, I
>> think, in Micron21's [then] new NOC images) and liked the idea of it when I
>> read up.  Thing is, it seems there's quite a bit to the stack and seems to
>> require Java underneath it all which gives me the impression that it could
>> be resource-hungry.  Would that seem like a reasonable assumption?
>>
>> -----Original Message-----
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Chris
>> Jones
>> Sent: Tuesday, 29 September 2015 2:23 PM
>> To: Nick Stallman
>> Cc: James Morgan; ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] Syslog
>>
>> I'll second the recommendation for Kibana - the
>> ElasticSearch/Logstash/Kibana combination works nicely
>>
>> Chris
>>
>> On 29 Sep 2015, at 2:21 pm, Nick Stallman <nick at agentpoint.com> wrote:
>>>
>>> I've had a little play with Kibana which looks pretty awesome for
>>> aggregation and searching.
>>>
>>> On 29/09/15 14:19, James Morgan wrote:
>>>
>>>> Hi all,
>>>>
>>>> Can anyone provide feedback on some syslog collector and/or
>>>> analysis/visualisation software I should check out?  Probably not looking
>>>> for something massive and commercial as it's mainly for messing around with
>>>> at this stage.  Curious to know what's out there these days that people
>>>> like.
>>>>
>>>> Cheers,
>>>> James.
>>>>
>>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
> --
> Nick Stallman
> Technical Director
> Agentpoint Pty Ltd
> The Real Estate Web Developers
> Melbourne | Sydney | Miami
> nick at agentpoint.com
> www.agentpoint.com.au | www.zooproperty.com | www.ginga.com.au |
> www.business2.com.au
>
> Business2.com.au is a real estate agent information website that helps
> you understand Portals, Technology and comes with FREE tools to help your
> Agency become an online success!