25. 09. 2018 Gianluca Piccolo Log Management, Log-SIEM, NetEye

NetEye 4 Log Management: Rsyslog and the Elastic Stack

When you need to manage and collect large amounts of data, there can be a lot of hard tasks to do.  So we decided to take some of the best Open Source tools to help us do it in the best possible way.  Let me introduce you to Rsyslog and the Elastic Stack implementation for NetEye 4 Log Management.

Rsyslog (Version 8)

As the official website says, Rsyslog is the rocket-fast system for log processing.  It manages huge amounts of incoming log data, pre-processes it, and delivers it to local destinations at a rate of over one million messages per second.

The version we decided to adopt is version 8, the latest stable release.  The main features for this version are:

  • Multi-threading
  • TCP, SSL, TLS, and RELP ready
  • Whole syslog message filtering
  • A fully configurable output format

We use it to collect data from multiple agents, and we configured it to write the logs into the file system.  The configuration includes the rules to allow the agents to send log messages to the Rsyslog service, along with the directives to write the log files into the file system.

The rules for the agents are written in a fully automated way by the Icinga Web 2 Log Manager module, but they are placed in a conf.d/ directory so that when the Rsyslog service is started, manual configuration files can also be loaded by placing them in that same folder (/neteye/shared/rsyslog/conf/rsyslog.d).

The Elastic Stack (Version 6)

Built on an open source foundation, the Elastic Stack lets you reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time.  It is made of three main products: Elasticsearch, Logstash and Kibana.

Logstash

Logstash is a server-side data processing pipeline that ingests data from many different sources and delivers it to a data storage (“stash”).

We use it to read the log files written by Rsyslog in real time and to send the content to Elasticsearch.

Elasticsearch

Elasticsearch is a distributed, RESTful search and analytics engine. It is the heart of the Elastic Stack and the core of the NetEye 4 log storage system.

Kibana

Kibana is a render engine for Elasticsearch data. It allows you to visualize and understand large amounts of data by aggregating them logically and graphically.
We created filters to tell it what data to organize for rendering graphs and charts.

Gianluca Piccolo

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Author

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Latest posts by Gianluca Piccolo

23. 10. 2025 Bug Fixes, NetEye
NetEye 4 – Security Advisory (Icinga 2)
23. 07. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.42
27. 06. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.42
17. 04. 2025 Bug Fixes, NetEye
NetEye 4 – Security Advisory
12. 11. 2024 Bug Fixes
NetEye 4 – Security Advisory
See All

Related Content

Tags: , ,

01. 12. 2025 NetEye, Unified Monitoring

Running the Icinga Agent as SYSTEM? No Thanks.

A safer way to run privileged Windows checks with SystemRunner If you’ve been monitoring Windows for a while, you’ve probably seen this pattern: some checks must run as LocalSystem (S-1-5-18), and the “quick fix” is to run the Icinga Agent Read More
24. 11. 2025 Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we've added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new Read More
13. 10. 2025 Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we've gained a lot of practical experience with it, which I'd like to share. Elastic Defend is an EDR (Endpoint Read More
30. 09. 2025 NetEye, Unified Monitoring

Business Process Automation on NetEye

In NetEye, 'business processes' is a module used to model and monitor the business process hierarchy to obtain a high-level view of the status of critical applications. In short, they allow monitoring controls of individual components to be aggregated into Read More
30. 09. 2025 APM, Development, NetEye, Unified Monitoring

Segregating APM Data in Elastic: A Practical Guide to a Not-So-Obvious Challenge

If you've worked with Elastic APM, you're probably familiar with the APM Server: a component that collects telemetry data from APM Agents deployed across your infrastructure. But what happens when you need to segregate that data by tenant, especially in Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive