I am currently thinking about creating a very basic shipper for log files, but wonder if it really makes sense. I am especially concerned that good tools already exist. Being lazy, I thought I'd ask for some wisdom from those in the know before investing more time to search for solutions and weigh their quality.
I’ve more than once read that logstash is far too heavy for a simple shipper, and I’ve also heard that rsyslog is also sometimes a bit heavy (albeit much lighter) for the purpose. I think with reasonable effort we could create a tool that
- monitors text files (much like imfile does) and pulls new entries from them
- does NOT further process or transform these logs
- sends the resulting lines to a very limited number of destinations (for starters, I'd say syslog protocol only)
- with the focus on being very lightweight, intentionally not implementing anything complex.
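To make the sketch above concrete, here is an added example of what such a shipper boils down to in code; it is not rsyslog or imfile code, and all names (`FileState`, `read_new_lines`, `format_syslog`, `ship_once`, `demo`) are hypothetical. It does the three things in the list: tail files from a remembered byte offset, leave the lines untouched, and emit each one as an RFC 5424 syslog message over UDP. The part that is easy to get wrong even in a "trivial" tool is the file following itself, so the tailer also handles the cases a bare `seek(offset); read()` misses: a partial trailing line, rotation (inode changed) and truncation in place (file shorter than the offset). The sample log lines in `demo()` are constructed for the example.

```python
import os
import socket
import sys
import tempfile
import time
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional


class FileState:
    """Per-file read position: byte offset, inode last seen, partial trailing line."""
    def __init__(self) -> None:
        self.offset = 0
        self.inode: Optional[int] = None
        self.partial = b""


def read_new_lines(path: str, state: FileState) -> List[str]:
    """Return complete lines appended to `path` since the last call.
    Rotation (inode changed) and truncation (file shorter than our offset) both
    restart at offset 0; a trailing partial line is buffered until its newline."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return []  # mid-rotation gap: keep state and retry on the next poll
    if (state.inode is not None and st.st_ino != state.inode) or st.st_size < state.offset:
        state.offset, state.partial = 0, b""
    state.inode = st.st_ino
    with open(path, "rb") as fh:
        fh.seek(state.offset)
        data = fh.read()
        state.offset = fh.tell()
    if not data:
        return []
    chunks = (state.partial + data).split(b"\n")
    state.partial = chunks.pop()  # b"" when data ended with a newline
    return [c.decode("utf-8", errors="replace").rstrip("\r") for c in chunks]


def format_syslog(msg: str, hostname: str, appname: str,
                  facility: int = 1, severity: int = 6,
                  timestamp: Optional[datetime] = None) -> bytes:
    """RFC 5424 message with PRI = facility*8 + severity (user.info -> <14>).
    PROCID, MSGID and STRUCTURED-DATA are '-': the shipper adds nothing to the line."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility or severity out of RFC 5424 range")
    ts = (timestamp or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    host = (hostname or "-").replace(" ", "_")[:255]
    app = (appname or "-").replace(" ", "_")[:48]
    return f"<{facility * 8 + severity}>1 {ts} {host} {app} - - - {msg}".encode("utf-8")


def udp_sender(host: str = "127.0.0.1", port: int = 514) -> Callable[[bytes], None]:
    """Fire-and-forget syslog over UDP (RFC 5426): lossy, but the lightest transport."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda payload: sock.sendto(payload, (host, port))


def ship_once(paths: List[str], states: Dict[str, FileState],
              send: Callable[[bytes], None], hostname: str) -> int:
    """One poll cycle over all watched files. APP-NAME is the file's basename so
    the receiver can tell sources apart. Returns the number of messages sent."""
    sent = 0
    for path in paths:
        for line in read_new_lines(path, states.setdefault(path, FileState())):
            send(format_syslog(line, hostname, os.path.basename(path)))
            sent += 1
    return sent


def demo() -> List[str]:
    """Offline run on a constructed log file: append, partial line, truncate-in-place."""
    out: List[str] = []
    path = os.path.join(tempfile.mkdtemp(), "auth.log")
    states: Dict[str, FileState] = {}
    collect = lambda payload: out.append(payload.decode())
    with open(path, "ab") as fh:  # constructed sample lines, last one incomplete
        fh.write(b"sshd: Accepted publickey for alice\nsshd: Failed password for root\npar")
    ship_once([path], states, collect, "host1")
    with open(path, "ab") as fh:
        fh.write(b"tial line completed\n")
    ship_once([path], states, collect, "host1")
    with open(path, "wb") as fh:  # truncate in place, as logrotate's copytruncate does
        fh.write(b"after truncate\n")
    ship_once([path], states, collect, "host1")
    return out


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("\n".join(demo()))
    else:
        states: Dict[str, FileState] = {}
        send, host = udp_sender(), socket.gethostname()
        while True:
            ship_once(sys.argv[1:], states, send, host)
            time.sleep(1.0)
```

Run with no arguments to see the four messages the demo produces, or with one or more file paths to poll them every second and forward to syslog/UDP on 127.0.0.1:514. Two limitations are worth knowing before trusting it: lines written to the old file between the last poll and a rename-style rotation are lost (imfile's inotify support closes that gap), and a file truncated and then refilled past the old offset within one poll interval is not detected at all. Persisting the offsets to disk so a restart does not resend everything is the next thing a real deployment would need.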
This is a Security Bloggers Network syndicated blog post authored by Rainer Gerhards. Read the original post at: Rainer's Blog