Log shipping in TrueNAS CORE

[Sherzod]

Good afternoon,
I would like to clarify if there is any way to manage Truenas logs? I mean how do I send middlewared logs to elk?
I found instructions on how to send syslog logs to elk.

Managing System Logging

Provides information on setting up or changing the syslog server, the level of logging and the information included in the logs, and using TLS as the transport protocol.

www.truenas.com

But I didn't find instructions on how to send middleware and audit logs.

Thanks for your reply!

 

[Glorious1]

What is elk?

 

[jgreco]

What is elk?

Elk, more properly known as the Elk Stack or Elastic Stack, is a log storage and analysis stack. I would agree that "Elk" is probably as stupid a name as "Elm" was back in the day, since it's effectively non-searchable if you have no clue what it is.

But I didn't find instructions on how to send middleware and audit logs.

Middleware and audit logs should be part of the syslog stream, I would think. If not, there's probably no "special" mechanism for centralized logging if they are only being stored in a local file. If that's the case, you could report a bug and ask for it to be handled by syslog.

 

[winnielinnie]

I would agree that "Elk" is probably as stupid a name as "Elm" was back in the day, since it's effectively non-searchable if you have no clue what it is.

Don't you love software that adopts the "simplistic" naming scheme?

What does it do? Log things? We'll call our software... "Log". It'll look so clean in the package repo and menu screens. Its function is obvious!

 

[jgreco]

Don't you love software that adopts the "simplistic" naming scheme?

Well, "Elm" came from my generation and it stands for "ELectronic Mail", following the UNIX tradition of shorthanding basic commands down to two or three logical letters. At some point folks came up with crap like "LAMP stack" which referred to a suite of crap (might help to understand that I consider both the "L" and "M" to be total crap) but Elastic's "Elasticsearch, Logstash, and Kibana" doesn't even describe what it does, it's merely the names of more products, one of which is relatively unscrutable. But then they have the stones to go renaming it, more than once. ELK became "ELK Stack" and then became "Elastic Stack". It just becomes more useless crap to remember.

 

[danb35]

Well, "Elm" came from my generation and it stands for "ELectronic Mail", following the UNIX tradition of shorthanding basic commands down to two or three logical letters.

...and that at least is justified by the slow terminals of the day. Some of the more modern examples, though...

And how on earth does nginx become E in LEMP?

 

[gdreade]

At some point folks came up with crap like "LAMP stack" which referred to a suite of crap (might help to understand that I consider both the "L" and "M" to be total crap) [...]

Wait a second; you consider 'L' to be crap but you give 'P' a pass? One has to wonder about your life priorities ;)

 

[jgreco]

Wait a second; you consider 'L' to be crap but you give 'P' a pass? One has to wonder about your life priorities ;)

I thought I'd get torn to shreds if I talked smack about three (or even four) of the four letters, but I concede it is entirely possible to criticize PHP, and Apache also for that matter. I did at one point write an entire web based billing system for a retail USENET operation including credit card and PayPal integration in PHP but that was more than 15 years ago now.

 

[jarechiga]

And how on earth does nginx become E in LEMP?

Big hyperbole:
NGINX stands for "Engine X" so ... LEMP!

 

[winnielinnie]

Remember LAME, the MP3 encoder? What did LAME stand for? LAME Ain't an MP3 Encoder

I hate software developers and engineers sometimes...

 

[sretalla]

And back to the original ELK...

Elasticsearch (data management)
Logstash (log ingestion)
Kibana (dashboard)