On Fri, 10 Jul 2020 at 16:33, Pete Biggs <pete at biggs.org.uk> wrote:
>
> I asked a similar question about a year ago and didn't get any answers.
> So I thought I'd try again.
>

Honestly, as much as I have heard of people using Elastic Kibana.. they are usually using it for things already in JSON. When I looked in the past I either found someone wanting me to set up a 20 node cluster to monitor logs or someone saying they had but nothing in it. I was going to say I didn't know but decided to look again and I found this article

https://devconnected.com/monitoring-linux-logs-with-kibana-and-rsyslog/

> What do people do to get their syslog messages on CentOS 7 into a
> remote ELK stack. I've tried lots of things involving rsyslog,
> filebeat, redis, logstash and so on in lots of different configurations
> but nothing really works.
>
> I can get rsyslog to talk directly to logstash (acting as a syslog
> server) but the messages don't have facility or severity codes in them
> which makes it considerably more difficult to manage the messages.
>

The section "b – Routing from rsyslog to Logstash" of the article seems to cover a filter that needs to be added. You may have already tried this.. but that is about all I can help with currently.

> P.

--
Stephen J Smoogen.
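
Added example, not part of either message or of the linked article: in the classic syslog wire format, facility and severity travel together as the leading `<PRI>` value (facility * 8 + severity), so a receiver can only recover them if the forwarded frame still carries it. The Python sketch below decodes that value and flags frames that arrive without it; the sample frames, the `decode_frame` name and the short facility labels are constructed for illustration.

```python
import re

# Numeric order per the RFC 3164 / RFC 5424 tables; short labels are illustrative.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13   # user.notice, the RFC 3164 fallback when no valid PRI is present
MAX_PRI = 191      # 23 * 8 + 7, the highest value that maps to a defined facility


def decode_frame(frame):
    """Split a raw syslog frame into facility, severity and the remaining text."""
    match = PRI_RE.match(frame)
    pri = int(match.group(1)) if match else None
    if pri is None or pri > MAX_PRI:
        # PRI missing or out of range: the sender's template dropped it or the
        # frame is not syslog. Fall back to the default and record that fact so
        # downstream filters do not trust the facility/severity fields.
        pri, present, body = DEFAULT_PRI, False, frame
    else:
        present, body = True, frame[match.end():]
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "pri_present": present,
        "message": body,
    }


# Constructed sample frames: two with a PRI header, one forwarded without it.
SAMPLES = [
    "<86>Jul 10 16:33:01 host1 sshd[1234]: Accepted publickey for alice",
    "<30>Jul 10 16:33:02 host1 systemd[1]: Started Session 42.",
    "Jul 10 16:33:03 host1 crond[99]: job started",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_frame(line))
```

Every event decoding to `user.notice` with `pri_present` false points at the sending side: the forwarding template is not emitting the PRI (or equivalent facility and severity fields).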