JFYI: for the moment, I disabled the central syslog server in favor of
the new graylog instance. No need to change anything on the host side:
the syslog server is forwarding the traffic directly into the graylog
This means that the syslog server does NOT keep a copy of the remote
logs on disk any longer. Instead, everything is pushed directly into a
elasticsearch database for further processing.
This in turn means that the old monitoring check for outdated remote
logs is turned of. In the last weeks, I was working more on checking
why a specific host was not sending logs any longer - and often enough,
these hosts just had nothing to say (as they are planned replacements
that are not active, yet). In the end, I was becoming too lazy to
reconfigure that check again and again - so at least I am not sad about
loosing this check.
For those, who want to get a look at the new frontend for log files:
Note: a openSUSE heroes LDAP account (FreeIPA) is needed to log in.
A nice starting point might be the good documentation at:
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org