Asterisk logging to Graylog2


Does anyone have any experience with logging Asterisk servers to Graylog2?

I'd like to be able to send certain verbosity levels to Graylog2, but I don't have a clue how to go about it.

The goal is to get Asterisk's logs into Graylog2, to keep them centralized with other platform logs and other Asterisk server logs.

I have an idea about using SNMP, but I'm not sure if that's the right way to go.

Best Answer

I don't know a lot about Asterisk but I've some experience with Graylog. I'd recommend starting with one of their downloadable virtual machines (though they now have nice packages for RedHat/CentOS/Debian/Ubuntu).

This is very much a simplification, but there are basically two types of input for Graylog: GELF and syslog. GELF (Graylog Extended Logging Format) is a rich and customisable way of getting log events into Graylog. Syslog is the logging capability that pretty much everything has. I found this for Asterisk:

https://wiki.asterisk.org/wiki/display/AST/Logging+Configuration

So what I would do is:

  1. Get the Graylog VM up and running in a test network, switch on a syslog input, and get familiar with the interface, searching, streams and dashboards (the nginx content pack is fantastic for this). Sending test messages with the logger command is helpful.

  2. Get Asterisk pointed at your Graylog syslog server; you should now see the syslog events in Graylog.

At this point you will have all the awesome that centralised logging provides: you now have a rapid way to view events in your system when there is trouble, without having to scrape the logs of half a dozen systems.

I think SNMP might be a complementary thing here rather than something you would use directly with logs; if the Asterisk system raised an SNMP trap you might also expect to see the event logged in its syslog, depending on configuration etc. Graylog has extractors which will let you parse the Asterisk messages.
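As an added example (not part of the question or the answer above), this Python sketch does in code what the answer describes a Graylog extractor doing with Asterisk's log lines, and shows the GELF alternative it mentions: parse each line into fields, keep only the chosen log levels, and build a GELF 1.1 message. The log line layout, the sample lines, the host name `pbx-01` and the year 2024 are constructed assumptions, not real Asterisk output.

```python
import re
from datetime import datetime

# Constructed sample lines in the default Asterisk full-log layout
# "[Mon DD HH:MM:SS] LEVEL[thread][call-id] source.c: message" (assumed, not real output).
SAMPLE_LINES = [
    "[Mar 10 14:23:01] WARNING[12345][C-00000042] chan_sip.c: Retransmission timeout reached on transmission 123@example",
    '[Mar 10 14:23:02] VERBOSE[12346] pbx.c: -- Executing [s@default:1] Answer("SIP/100-00000001", "") in new stack',
    "[Mar 10 14:23:03] ERROR[12347] res_musiconhold.c: Unable to open directory /var/lib/asterisk/moh",
]

# Asterisk log levels mapped to syslog severities, which is what GELF's `level` field carries.
SEVERITY = {"ERROR": 3, "WARNING": 4, "NOTICE": 5, "VERBOSE": 6, "DTMF": 6, "DEBUG": 7}

# The call-id group is optional because only newer Asterisk releases emit it.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\[(?P<tid>\d+)\]"
    r"(?:\[(?P<callid>[^\]]+)\])?\s+(?P<src>\S+?):\s+(?P<msg>.*)$"
)

def parse_line(line):
    """Split one Asterisk log line into named fields; None if the layout does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def to_gelf(fields, host="pbx-01", year=2024):
    """Build a GELF 1.1 message; custom fields must be prefixed with an underscore."""
    # Asterisk's default timestamp has no year, so one is supplied (interpreted in local time).
    ts = datetime.strptime(f"{year} {fields['ts']}", "%Y %b %d %H:%M:%S").timestamp()
    gelf = {"version": "1.1", "host": host, "short_message": fields["msg"],
            "timestamp": ts, "level": SEVERITY.get(fields["level"], 6),
            "_asterisk_level": fields["level"], "_thread_id": int(fields["tid"]),
            "_source_file": fields["src"]}
    if fields.get("callid"):
        gelf["_call_id"] = fields["callid"]
    return gelf

def ship_selected(lines, max_severity=4):
    """Keep only lines at or above the chosen severity (WARNING and ERROR by default)."""
    out = []
    for line in lines:
        f = parse_line(line)
        # Unparseable lines and lower-severity chatter (VERBOSE, DEBUG) are dropped.
        if f is None or SEVERITY.get(f["level"], 6) > max_severity:
            continue
        out.append(to_gelf(f))
    return out
```

Raising `max_severity` to 6 lets VERBOSE lines through as well, which is the knob for "certain verbosity levels" that the question asks about.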
