ELK Stack, meet VMware Server. Since VMware’s ESXi runs on some Linux kernel, it shares the logging facilities we’re familiar with on Linux systems. Forwarding syslog messages to a remote box works a bit differently, though. Luckily, VMware’s Knowledge Base is very thorough if you know where to look.
In this post, I will go over using the Collectd input on Logstash for gathering hardware metrics. For Logstash output, I am going to be using Elasticsearch. Logstash will allow us to centralize metrics from multiple computers into Elasticsearch. On top of Elasticsearch, I am going to be using Kibana to display these metrics.
To this Kibana dashboard, we could add additional metrics for the processes taxing the system being monitored. This would effectively show a cause and effect story in one integrated dashboard.
UPDATE Feb 5, 2015 – Logstash Is Not Eating My Logs
For the past few days, I’ve been testing different scenarios for sending and receiving messages between computers using Logstash. Setting up was straightforward. Using Sysloggen, I’ve been able to send a large number of messages through. Only one concern: I am losing messages.
I want to talk about Logstash, a new-ish tool (to me) for managing computer logs. Logstash can easily collect logs from multiple computers or instances, transfer them to a central computer for aggregation, and can even be used to parse and search these logs for analysis as they are handled. A mouthful indeed. Logstash is open-source software and is written in JRuby, so it runs in the JVM. Running on the JVM has various advantages, such as ease of deployment and the wealth of tuning expertise available.