Hey all, got a quick question!
I want to receive, parse and store syslogs from various devices on my home network on my windows box. I know, I know, its a bit backwards but I’d like to proceed with this sort of setup if possible (not against discussion, of course).
I’ve looked and looked for options but it seems like everything has been bare bones and basically just receives, or is locked behind premium. Surely there’s some sort of solution out there, no? I’d be willing to implement something in Python if I need to but I’m considerably more hesitant when compared to using an open source soln.
Thanks for your time, looking forward to discussing/learning more!
I would recommemd setting up greylog. It’s pipelines are really mighty and not that hard to learn. You can run it in a VM.
If you really want to you can run filebeat on windows with a file output, so it will write everything in json format to a file. However you will still have to parse ot, make it searchable etc.
Yeah I’m familiar with filebeats and the ELK stack, set one of those up a long while ago to ingest Twitter from api before all that blew out a left kneecap haha.
I’ll check it out as well!
For the elk stack you can replace Logstash and Filebeat with Fluentbit and feed it directly to Elastic Search than use Kibana. I’ve found Logstash to be the resource hog and Fluentbit just runs a lot better imo.
Some docs:
https://docs.fluentbit.io/manual/pipeline/inputs/syslog
https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
EDIT: All three of them can also be run in a docker or several depending on your needs and how you configure.
Sweeet, thank you!