Analyzing Log files of very large size
Peter Boosten
freebsd at boosten.org
Mon Jul 12 07:44:07 UTC 2021
Paul Procacci wrote on 12-07-2021 08:20:
>
> Someone made mention of Elasticsearch and that's a good option too. All
> the work of indexing the data has already been done for you. You just don't
> have to mind paying for it. ;)
>
Not sure where you get the idea that you have to pay to use
Elasticsearch. I'm running an ELK stack happily in one of my jails,
gathering millions of logs, from the ports collection.
I admit that the modules collection in filebeat is somewhat limited (to
ingest/parse log files) on FreeBSD (and I really don't know why), but
you can solve that by downloading the source and adding the modules
manually.
And it works like a charm. With some configuration you even get security
running, and you have your own personal SIEM.
--
It never hurts to help!
Peter
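As an added illustration of the kind of configuration the reply alludes to (this is not Peter's configuration, nor anything shipped by the FreeBSD port), here is a minimal filebeat.yml that ships the FreeBSD syslog and auth logs to an Elasticsearch node with security enabled. The hostname, CA path, user name and password are placeholders; the log paths are the FreeBSD defaults, which differ from the Linux paths filebeat's system module expects, so the module's paths are overridden explicitly.

```yaml
# Added example filebeat.yml for a FreeBSD host; all names below are assumptions.
# Read the FreeBSD system logs directly. The "system" module's defaults point at
# /var/log/syslog and /var/log/secure, which do not exist on FreeBSD, so the
# paths are overridden via the module's var.paths instead of relying on defaults.
filebeat.modules:
  - module: system
    syslog:
      enabled: true
      var.paths: ["/var/log/messages"]
    auth:
      enabled: true
      var.paths: ["/var/log/auth.log"]

# Ship to an Elasticsearch node that has xpack.security.enabled: true set in its
# elasticsearch.yml. TLS is verified against a private CA and a dedicated
# least-privilege writer account is used rather than the elastic superuser.
# Hostname, CA file and credentials are placeholders.
output.elasticsearch:
  hosts: ["https://elk.jail.example.internal:9200"]
  protocol: "https"
  ssl.certificate_authorities: ["/usr/local/etc/beats/ca.crt"]
  ssl.verification_mode: full
  username: "filebeat_writer"
  password: "${FILEBEAT_WRITER_PASSWORD}"

# Keep the registry inside the jail's local state so file offsets survive restarts.
path.data: /var/db/beats/filebeat
```

The `${FILEBEAT_WRITER_PASSWORD}` reference is resolved by filebeat from its keystore or the environment, so the secret never sits in the config file. Keep `ssl.verification_mode: full` rather than `none`; with `none`, a host between the jail and the Elasticsearch node could read or alter every shipped log line, which defeats the purpose of a SIEM.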