
We are using logstash + elasticsearch + Kibana to parse, store and view our logs respectively.

Now, we want a notification/alert when a threshold for a particular log, or a threshold for a particular field (after parsing), is crossed. E.g.: on a server, the maximum number of logins per day is 5. We want a notification if this threshold is crossed.

Can this be done via the tools we are using presently? If not, can anyone suggest any open-source tools to achieve this that can be configured with the present setup?

Any help is appreciated.
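The threshold check the question describes, written out as an added example (this is not code from the question or from Logstash/Elasticsearch). It assumes Logstash has already parsed each log line into a JSON document with `@timestamp`, `host`, `event` and `user` fields; those field names, the sample events and the dates are constructed for the example. The first part evaluates the "more than 5 logins per host per day" rule directly over the parsed events, which is what an external alerting script polling the index would do; the second part builds the equivalent Elasticsearch aggregation query (2.x-style `bool`/`filter` DSL, `terms` with `min_doc_count`) so that only hosts over the threshold come back from the cluster at all.

```python
"""Threshold alerting over Logstash-parsed events (added example, not from the page).

Assumed field names: @timestamp, host, event, user.  Sample data is constructed.
"""
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: what Logstash might index after parsing login messages.
# web1 has six logins on 2014-05-01 (over a max of 5), db1 has exactly five
# (at the limit, not over it).  One non-login event and one malformed line are
# included to show they are ignored rather than counted.
SAMPLE_EVENTS = [
    '{"@timestamp": "2014-05-01T08:01:10Z", "host": "web1", "event": "login", "user": "alice"}',
    '{"@timestamp": "2014-05-01T08:15:42Z", "host": "web1", "event": "login", "user": "bob"}',
    '{"@timestamp": "2014-05-01T09:02:03Z", "host": "web1", "event": "login", "user": "alice"}',
    '{"@timestamp": "2014-05-01T11:40:19Z", "host": "web1", "event": "login", "user": "carol"}',
    '{"@timestamp": "2014-05-01T14:05:55Z", "host": "web1", "event": "login", "user": "bob"}',
    '{"@timestamp": "2014-05-01T23:59:59Z", "host": "web1", "event": "login", "user": "alice"}',
    '{"@timestamp": "2014-05-01T23:58:00Z", "host": "web1", "event": "logout", "user": "alice"}',
    '{"@timestamp": "2014-05-02T00:00:01Z", "host": "web1", "event": "login", "user": "alice"}',
    '{"@timestamp": "2014-05-02T07:30:00Z", "host": "web1", "event": "login", "user": "bob"}',
    '{"@timestamp": "2014-05-01T06:00:00Z", "host": "db1", "event": "login", "user": "dba"}',
    '{"@timestamp": "2014-05-01T06:10:00Z", "host": "db1", "event": "login", "user": "dba"}',
    '{"@timestamp": "2014-05-01T06:20:00Z", "host": "db1", "event": "login", "user": "dba"}',
    '{"@timestamp": "2014-05-01T06:30:00Z", "host": "db1", "event": "login", "user": "dba"}',
    '{"@timestamp": "2014-05-01T06:40:00Z", "host": "db1", "event": "login", "user": "dba"}',
    'May  1 06:50:00 db1 sshd[123]: this line was never parsed into JSON',
]

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_events(lines):
    """Parse newline-delimited JSON events; lines that are not JSON are skipped."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except ValueError:
            continue  # unparsed raw log line: not a field we can threshold on
    return events


def logins_per_host_per_day(events):
    """Count events whose 'event' field is 'login', keyed by (host, UTC date)."""
    counts = Counter()
    for ev in events:
        if ev.get("event") != "login":
            continue
        day = datetime.strptime(ev["@timestamp"], TS_FORMAT).date().isoformat()
        counts[(ev["host"], day)] += 1
    return counts


def threshold_alerts(events, max_per_day=5):
    """One alert per (host, day) whose login count exceeds max_per_day.

    "Crossed" means strictly greater: a host at exactly max_per_day is not alerted.
    """
    counts = logins_per_host_per_day(events)
    alerts = (
        {"host": host, "day": day, "count": n, "threshold": max_per_day}
        for (host, day), n in counts.items()
        if n > max_per_day
    )
    return sorted(alerts, key=lambda a: (a["day"], a["host"]))


def es_threshold_query(day, max_per_day=5):
    """Elasticsearch query body (assumed 2.x+ DSL) returning only hosts over the limit.

    Assumes 'event' is a not_analyzed/keyword field so that 'term' matches exactly.
    min_doc_count = max_per_day + 1 makes the cluster drop buckets at or below it.
    """
    start = datetime.strptime(day, "%Y-%m-%d")
    end = start + timedelta(days=1)
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event": "login"}},
            {"range": {"@timestamp": {
                "gte": start.strftime(TS_FORMAT),
                "lt": end.strftime(TS_FORMAT)}}},
        ]}},
        "aggs": {"by_host": {"terms": {"field": "host",
                                       "min_doc_count": max_per_day + 1}}},
    }


if __name__ == "__main__":
    for alert in threshold_alerts(parse_events(SAMPLE_EVENTS)):
        print("ALERT: %(host)s had %(count)d logins on %(day)s "
              "(max %(threshold)d)" % alert)
    print(json.dumps(es_threshold_query("2014-05-01"), indent=2))
```

Running it prints a single alert for web1 on 2014-05-01; db1 sits exactly at the limit and stays quiet, the logout event and the unparsed line are not counted. The same rule could be run on a schedule (cron, or a Nagios check that calls `es_threshold_query` and returns CRITICAL when the `by_host` aggregation is non-empty), which is the counter-to-Nagios idea without depending on Kibana for the alert.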


While not directly related to logstash, OSSEC may be able to help out more in the alerting category.

I'm sure you could define thresholds within the system to alert.

http://www.ossec.net/files/auscert-2007-dcid.pdf

For general alerting and monitoring a combination of factors is good. You could even expose a counter to nagios to do alerting for you if you created the right sort of URL.

Steve Butler