Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Links .. 

Fluentbit: https://fluentbit.io

Fluentd: https://fluentd.org

Fluentbit documentation: https://fluentbit.io/documentation/0.12/

Graylog: https://www.graylog.org/products/open-source

Grafana: https://grafana.com/oss


Create the Graylog server using debian 10. Replace 192.168.1.114 with your Graylog server IP below and pay attention to the echos:

...

<source>
type syslog
tag hostname_goes_here
</source>
<match *.*>
type copy
<store>
type gelf
host 0.0.0.0
port 12201
flush_interval 5s
</store>
<store>
type stdout
</store>
</match>

systemctl restart td-agent

systemctl enable td-agent


On Next steps to be executed on the sipXcom or Uniteme server(s), replace . Replace 192.168.2.14 with your sipxcom or uniteme server IP, and replace 192.168.1.114 with your graylog server IP on the last output.

# fluentbit on sipx/uniteme centos7
cd /etc/yum.repos.d/
nano fluentbit.repo

...

yum update
yum install td-agent-bit -y
mv /etc/td-agent-bit/td-agent-bit.conf ~/td-agent-bit.conf.orig
nano /etc/td-agent-bit/td-agent-bit.conf

[SERVICE]
Flush 5
Parsers_File parsers.conf
Plugins_File plugins.conf

[INPUT]
Name cpu
Tag cpu.local
Interval_Sec 1

...

[INPUT]
Name netif
Tag netif.eth0
Interval_Sec 1
Interface eth0

[INPUT]
Name health
Tag health.proxy
Host 192.168.2.14
Port 5060
Interval_Sec 60
Alert true
Add_Host true
Add_Port truetail
Path /var/log/sipxpbx/proxy_stats.json
Refresh_Interval 1
Parser json

[INPUT]
Name health
Tag health.registrar
Host 192.168.2.14
Port 5070
Interval_Sec 60
Alert true
Add_Host true
Add_Port true[INPUT]
Name health
Tag health.bridgetail
Path /var/log/sipxpbx/sipXproxy.log
Refresh_Interval 1
Skip_Long_Lines off
Multiline On
Multiline_Flush 25
Parser_Firstline syslog-rfc5424
Buffer_Chunk_Size 1M
Buffer_Max_Size 1G

[OUTPUT]
Name forward
Match *
Host 192.168.21.1412
Port 5090
Interval_Sec 60
Alert true
Add_Host true
Add_Port true

[INPUT]
Name health
Tag health.mongo
Host 127.0.0.1
Port 27017
Interval_Sec 60
Alert true
Add_Host true
Add_Port true

[INPUT]
Name health
Tag health.pgsql
Host 127.0.0.1
Port 5432
Interval_Sec 60
Alert true
Add_Host true
Add_Port true

[INPUT]
Name health
Tag health.dns
Host 24224


service td-agent-bit restart

systemctl enable td-agent-bit


Grafana on deb10

echo "deb https://packages.grafana.com/oss/deb stable main" > /etc/apt/sources.list.d/grafana.list
apt-get install apt-transport-https gnupg2 -y
wget -q -O - https://packages.grafana.com/gpg.key | apt-key add -
apt-get update
apt-get install grafana

You may need to edit /etc/grafana/grafana.ini to set the address to bind to. Grafana can use the Elasticsearch input to connect to the Graylog server.

Image Added

The graylog /etc/elasticsearch/elasticsearch.yml will need to be adjusted to listen to the ip and port 9200 and restarted before this will work.

root@graylog2:/etc/elasticsearch# grep -v "#" elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.12
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.12", "127.0.0.1
Port 53
Interval_Sec 60
Alert true
Add_Host true
Add_Port true

[INPUT]
Name tail
Path /var/log/sipxpbx/proxy_stats.json
Refresh_Interval 1
Parser json

[OUTPUT]
Name forward
Match *
Host 192.168.1.114
Port 24224

service td-agent-bit restart"]

cluster.name: graylog
action.auto_create_index: false

Also edit /etc/graylog/server/server.conf and point to the elasticsearch ip instead of the localhost ip, then restart graylog

root@graylog2:/etc/graylog/server# grep "192.168.1.12:9200" server.conf
elasticsearch_hosts = http://192.168.1.12:9200