2

I'd like to centralize the logs for x number of Asterisk servers in Graylog2. I can't find ANY documentation on this, or any people having written about doing it before - which obviously seems odd to me.

I have an idea about using SNMP for this, but I'm not convinced that this is the best way to go about it.

Any suggestions or experience on how to achieve this will be highly appreciated.

Peter Schrøder

1 Answer

1

I'm not familiar with Graylog2, unfortunately. However, if it's like other centralized logging solutions, I'd venture to guess it works with syslog (looks like it from Graylog's docs).

Logging Call Detail Records

First, check that you have cdr_syslog.so loaded; use module show to check this out.

asterisk2ri2*CLI> module show like syslog
Module                         Description                              Use Count
cdr_syslog.so                  Customizable syslog CDR Backend          0

If you don't, you might need to choose it during compilation of Asterisk. (With a vanilla compile, it's likely already there)

Make sure your /etc/syslog.conf or /etc/rsyslog.conf is set up with a compatible entry the way you please, such as:

local4.*      /var/log/asterisk/asterisk-cdr.log

You can then modify your /etc/asterisk/cdr_syslog.conf file to create a configuration like so:

[cdr]

facility = local4
priority = info
template = "We received a call from ${CDR(src)}"

For more information on CDR fields, check out the Asterisk canonical wiki.

Then, either issue logger reload at the Asterisk CLI, or restart Asterisk.

Logging Asterisk messages

If you'd like to log Asterisk notices, warnings and errors, you may also use in your /etc/asterisk/logger.conf a line such as:

syslog.local0 => notice,warning,error

...For what it's worth, I use similar techniques to get my logging working with the ELK stack, and logstash-forwarder.

dougBTV
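Once CDR lines like the ones configured above reach the central collector, splitting them into fields makes them searchable in Graylog. The following is an added example, not code from the answer or from the Asterisk or Graylog projects: it parses a syslog CDR line into a GELF 1.1 message and rejects lines whose field count does not match the template. The CSV-style template, the field list, the `_cdr_` prefix and the sample lines are assumptions made for illustration.

```python
import csv
import json
import re

# Assumed CSV-style template in cdr_syslog.conf (hypothetical field choice):
#   template = "${CDR(src)}","${CDR(dst)}","${CDR(disposition)}","${CDR(billsec)}"
FIELDS = ("src", "dst", "disposition", "billsec")

# Traditional syslog file format: "Mon DD HH:MM:SS host tag: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) [^:\s]+: (.*)$")


def cdr_to_gelf(line):
    """Return a GELF 1.1 dict for one CDR syslog line, or None if malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    host, msg = m.groups()
    try:
        row = next(csv.reader([msg], strict=True))
    except (csv.Error, StopIteration):
        return None
    # src and dst are influenced by the caller; a field count that does not
    # match the template means the line cannot be trusted positionally.
    if len(row) != len(FIELDS) or not row[3].isdecimal():
        return None
    cdr = dict(zip(FIELDS, row))
    gelf = {
        "version": "1.1",
        "host": host,
        "short_message": "call %s -> %s (%s)"
        % (cdr["src"], cdr["dst"], cdr["disposition"]),
        "level": 6,  # syslog "info", matching priority = info
    }
    for name, value in cdr.items():
        gelf["_cdr_" + name] = value  # GELF additional fields start with "_"
    gelf["_cdr_billsec"] = int(cdr["billsec"])
    return gelf


# Constructed sample lines, not taken from a real server.
SAMPLES = [
    'Mar  3 14:02:11 pbx1 asterisk[2210]: "1001","15551230000","ANSWERED","42"',
    'Mar  3 14:02:15 pbx1 asterisk[2210]: "1001,9","15551230000","NO ANSWER","0"',
    'Mar  3 14:02:19 pbx1 asterisk[2210]: "1001","ANSWERED","42"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(json.dumps(cdr_to_gelf(sample)))
```

The second sample shows a comma inside a quoted value staying in one field, and the third is dropped because it has three fields instead of four.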