ExtremeSwitching (EXOS)

Expand all | Collapse all

Saving logs to Logstash

  • 1.  Saving logs to Logstash

    Posted 11-06-2014 17:07
    I am configuring my switches to save their logs to a central log server running Logstash. I had 2 questions regarding this. I'm using Summit switches.

    1. Does anyone know which facility is used for what? That is, when I type "configure syslog add 10.0.0.1:514 vr vr-default" and hit tab, I get this list:



  • 2.  RE: Saving logs to Logstash

    Posted 11-06-2014 18:20
    Well, I think I figured out that by configuring all 8 local levels I'm getting 8 copies of log messages. So I only need one of those.

    I eventually gave up on the Logstash thing. I did figure out that it uses a grok filter, but I'm going to need more time to figure out how it works. I also figured out that I'm getting enough information that it's useful the way it is.


  • 3.  RE: Saving logs to Logstash

    Posted 11-06-2014 19:36
    Hi James,
    I'm not very familiar with logstash, but you may be interested in looking at Splunk. It's very easy to set up and configure and may not be as picky about formatting. It provides facilities for building your own dashboards and reports by clicking fields you want to watch - less RegEx!

    The local0-local7 options are so that you can group filters and log level configurations. If you only want certain sets of data to be sent to a particular target, you can configure that from the switch and then only send that "filtered" data to your syslog target. As you've discovered, you generally only need one of them.

    If you do decide to try Splunk, the Extreme Networks EXOS for Splunk app may also be of interest if your Extreme gear can run EXOS 15.4+. It doesn't analyze "real-time" data, but rather provides an overview of network and device status based on reports through a configurable reporting frequency, part of the EXOS Proactive Service Framework. Full setup instructions are included in the app's readme file.

    I hope this helps!

    -Drew


  • 4.  RE: Saving logs to Logstash

    Posted 11-06-2014 21:00
    Eventually my syslog server is going to be collecting logs from around 200-400 devices. I am familiar with Splunk but I expect I'll hit the data caps that will make it more expensive than I can afford. Because of that I've stayed away from actually trying it out.

    From what I know about Logstash (and Elasticsearch and Kibana), it is as capable as Splunk, but like a lot of opensource products the ease of use, training and documentation is slim, pushing free users to become customers. In the meantime, I have far more than I had before. If I ever do figure out how to get Logstash to intelligently parse the EXOS logs I'll leave a message here with how I did that. Thanks for the information.


  • 5.  RE: Saving logs to Logstash

    Posted 09-22-2020 14:08

    Hi,

    Did u manage to make your logstash works ?

    Regards

    Rija