Differences
This shows you the differences between two versions of the page.
redhat:server-monitoring-redhat:start [2018/05/16 15:15] – [System-weites Logging der User Commands] michael | redhat:server-monitoring-redhat:start [2020/03/05 16:04] – michael | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Server Monitoring Redhat / CentOS ====== | ====== Server Monitoring Redhat / CentOS ====== | ||
- | ===== System-weites | + | |
+ | |||
+ | ===== Systemweites | ||
Gewünscht wird das loggen von sämtlichen Kommandos, aller Usern System-weit. Um dies zu realisieren müssen dazu zwei Files angepasst und der '' | Gewünscht wird das loggen von sämtlichen Kommandos, aller Usern System-weit. Um dies zu realisieren müssen dazu zwei Files angepasst und der '' | ||
- | | + | |
<WRAP center box 100%> | <WRAP center box 100%> | ||
< | < | ||
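Review bot: The new heading in this hunk is spelled "Systemweites", but the unchanged paragraph directly below it still says "System-weit". Pick one spelling so the heading and the body text agree.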
Line 108: | Line 110: | ||
</ | </ | ||
</ | </ | ||
- | - '' | + | |
+ | * '' | ||
< | < | ||
# vim / | # vim / | ||
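Review bot: The list item before the "# vim /" block changes its marker from "-" to "*", which in DokuWiki syntax turns a numbered step into an unordered bullet. The section describes a procedure (two files are adjusted, then the service is restarted), so keeping the ordered marker would preserve the step order for readers. The same applies to the identical marker change in the next hunk.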
Line 208: | Line 211: | ||
# ### end of the forwarding rule ### | # ### end of the forwarding rule ### | ||
</ | </ | ||
- | - '' | + | |
+ | * '' | ||
< | < | ||
# touch / | # touch / | ||
Line 214: | Line 218: | ||
</ | </ | ||
- | | + | |
< | < | ||
# systemctl restart rsyslog.service | # systemctl restart rsyslog.service | ||
Line 222: | Line 226: | ||
+ | ===== Splunk (Elasticsearch) | ||
- | ---- | + | ==== Installation von Elasticsearch ==== |
- | ===== Weiteres ===== | + | ==== Splunkforewarder Setup ==== |
+ | ... FIXME | ||
+ | |||
+ | Custom logs sind möglich. Unten ist dokumentiert wie das geht: | ||
+ | < | ||
+ | ### Monitor custom logs with splunkforwarder | ||
+ | |||
+ | # Create app folder structure | ||
+ | CUSTOM_APP=/ | ||
+ | mkdir -p $CUSTOM_APP | ||
+ | |||
+ | # Create inputs.conf and specify your custom logs | ||
+ | cat << EOF > ${CUSTOM_APP}/ | ||
+ | ### Put your custom logfiles here and define sourcetype and index | ||
+ | ### Documentation can be found here: https:// | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | EOF | ||
+ | |||
+ | # Restart splunkforwarder | ||
+ | systemctl restart splunkforwarder | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Logging Stacks - Infrastructure Logging ===== | ||
+ | |||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | ===== Weiteres ===== | ||
Zabbix: http:// | Zabbix: http:// |