tlog
tlog copied to clipboard
Scribery
Send directly to elasticsearch without needing to send to rsyslog first
Hi @theblazehen, this perhaps would be good to do. Could you perhaps describe your use case, what kind of setup do you have in mind? Thank you.
Hi @spbnick, it could simplify configuration if you could just put in the elasticsearch details in directly in the tlog configuration file, instead of needing to configure it in rsyslog, which is one extra component that is needed.
Although it isn't the fault of the tlog project, in my case the distribution provided version of rsyslog (CentOS 7) can't send data to elasticsearch 6, and if tlog could send data directly to elasticsearch then we wouldn't have that issue, and I'm sure that others may prefer being able to configure tlog to send data directly rather than needing to configure rsyslog as well.
Ah, I see. Yes that would be useful. However, what are you going to do with other logs? Don't you need them in Elasticsearch? Or are you just focusing on storing recordings somewhere?
Ideally we would be storing all logs in elasticsearch, but some of our clients who are interested in this may not have an existing logging solution, and are just looking at storing recordings for now.
+1 from me for this. Back when I last implemented FreeIPA (IdM) for a client, we also ran Logstash indexers on each FreeIPA server to allow forwarding of logs back to central ES cluster. We were not allowed to do that for all systems (actually prevented from doing so), but were asked to find a session recording solution that WOULD work on all systems. So centralised logging and session recording does not always go hand in hand.
