I have a pretty simple requirement: once a day, slurp the previous day's dhcp syslog output into opensearch. (This is so that operators can respond to subpoena requests; realtime updates are not necessary.) There seems to be a rich selection of programs that can accomplish this, but they all seem rather complex: logstash, vector, fluent, fluent bit, ... Do you know of a simple solution?
@apgarcia Sending logs once a day is not implemented in syslog-ng, only real-time. Here is a blog describing how to send logs to OpenSearch: https://www.syslog-ng.com/community/b/blog/posts/opensearch-and-syslog-ng All you have to do is to add a filter, most likely something like: program("dhcpd")
Oh, and you might also want to add a disk buffer, so logs are stored temporarily even if OpenSearch is unavailable.
Add comment