Re: Adiscon LogAnalyzer? rsyslog + mongodb?
On 05/03/14 11:07, Daniel Pocock wrote:
> On 05/03/14 09:09, Florian Ernst wrote:
>> Hello all,
>>
>> On Tue, Mar 04, 2014 at 03:49:25PM +0100, Daniel Pocock wrote:
>>> The rsyslog mongodb output module and the PHP mongodb modules are now in
>>> wheezy-backports. This would appear to be sufficient to do something like:
>>>
>>> rsyslog => mongodb => loganalyzer
>>>
>>> Has anybody else tried that or does anybody have any comments on it (or
>>> recommended alternatives)?
>> That actually did work for a time, but something broke starting with
>> rsyslog 7.4.0-1. Since then the format of the data dumped into mongodb
>> doesn't match what tools like loganalyzer expect, cf. #721277 / #728827.
>> As I was merely experimenting with it I didn't follow up any further.
>
> Some of this looks like documentation bugs and/or problems with the
> default config rather than mongodb integration itself
>
> LogAnalyzer and rsyslog are from the same upstream too, so I would be
> surprised if they would not have them working together
>
> I had a look at the Git history for the ommongodb, does anything stand
> out here?
>
> https://github.com/rsyslog/rsyslog/commits/master/plugins/ommongodb
>
> You state the problem started with 7.4.0-1 - could you comment on the
> previous set of versions that you had working (both rsyslog and
> LogAnalyzer versions)?
>
>
Brief follow up:
LogAnalyzer is now packaged
rsyslog 7.4.8 in testing and wheezy-backports solves the problem
described by Florian, so a complete rsyslog/MongoDB/LogAnalyzer is now
quite trivial to setup on wheezy or jessie. Details in README.Debian
http://packages.qa.debian.org/l/loganalyzer.html
Reply to: