-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Monitoring API for Logstash Forwarder #183
Comments
Some kind of stats interface to logstash-forwarder would be great.
etc. |
The state file, .logstash-forwarder, contains that info in json. I know there are json plugins for nagios but not sure it could handle the "check increasing" At the moment i just use a check_file_age plugin on .logstash-forwarder to make sure it don't get more than 60m old and that works a treat. Jason |
My recommendation is to do behavioral tests. Want to know if logs are going Perhaps a heartbeat log that you measure latency on? This is how I have -Jordan On Sunday, April 27, 2014, driskell notifications@github.com wrote:
|
I have logstash add an extra date field called index_timestamp, which is This can then be measured with a query for each host you're expecting logs
|
FWIW: Since all (most) of my logstash'd logs are going into ElasticSearch, I have Nagios running a simple query to ES to determine the most recent items grouped by sending host, and if the date falls out of spec (1 minute) it trips. |
I know syslog-ng and rsyslog support putting a mark ever X seconds, I have used this in the past for monitoring to ensure the system is actually logging. You can perhaps us that as a monitor by checking ES for it. |
We will add an API for filebeat for monitoring |
Then think about how well this goes together with the logstash http poller input :-) |
Hi I'm still testing this and would really like to have some sort of way to know and easily setup a check with icinga/nagios if logstash-forwarder is shipping logs or if it somehow has halted.
I dont know how to solve it, there could be a threshold in the config file which says to generete an error in a logfile if no logs has been processed under this threshold or some other way for a third party script to check when the last time was that logstash-forwarder processed a logfile.
Might be good to brainstorm if this feature seems feasible, I would love to have some sort of security by knowing that I will get an alarm if the logs stops to pour in.
Thanks
The text was updated successfully, but these errors were encountered: