Collect logs automatically and plug it to Elastic search

Forums / NoMachine Terminal Server Products / Collect logs automatically and plug it to Elastic search

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #29721
    AvatarAubert887
    Participant

    Hello,

    How can i collect NoMachine logs and plug it to Elastic Search Kibana?

    Cordially,

    Aubert

    #29780
    Avatarfisherman
    Moderator

    This is not related to NoMachine software and i think that you can find all information on Elastic Search website. I can present one possible idea how all works.

    1. As a first thing you should install Filebeat (https://www.elastic.co/downloads/beats/filebeat) on each NoMachine server which logs have to be monitored.
      Filebeat monitors the log files, collects log events, and forwards them to endpoint. Settings of logs input and endpoints outputs have to be filled in filebeat.yml – you should include there all paths of log files
      NoMachine store most logs in /var/log directory, ex. /usr/NX/var/log on Linux hosts. More information about NoMachine logs you will find https://www.nomachine.com/AR10K00697, which has to be synchronized with ES and determine also where new logs will be sent (output). It can be a directly elastic search endpoint depending on what will be done with collected data next and how it has to be visualized in Kibana but, in most cases, you will want to transform this data to a more readable format for ES, ex. JSON. In that case, the best choice for your endpoint will be a Logstash.
    2. Logstash is a data processing pipeline and a part of ELK Stack (https://www.elastic.co/downloads/logstash). It can be installed on the same host where Elastic Search and Kibana.
      To process data sent by Filebeats you have to create Logstash pipeline with sections input, filter and output. Input will a Filebeat in our case. The filter section is a place to determine how logs have to be processed. Output as an Elastic Search endpoint.
    3. Setup your Elastic Search and Kibana, create index patterns for corresponding NoMachine logs data.
      If everything is configured correctly you should be able to find indexed new logs entries in Kibana “Discover” or Kibana “Management -> Index Management” sections.
Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.