I opted to not use Syslog-NG.
Although it required a bit of work (and may have been simpler) I use Graylog. I used the free version which (so far) has worked pretty well for me. Keep in mind that part of the log shipping requires that an agent is installed on your Windows servers. Right off the bat I will tell you that I’m a novice at Graylog but there is extensive information available. The integration with LibreNMS worked with no issues; however, the only issue with the “default” setup is that alerts cannot be generated with Graylog as the notifications are not stored in the database or anything accessible via query.
However…I created a workaround that seems to work. What I did was:
- Built a server running Ubuntu with Graylog installed.
- Configured Graylog to accept only the events through a global configuration file
- Had the output sent to my LibreNMS database server. The instructions to do that contain the commands to create the table. The field names must match the name(s) of the fields reported from the agent.
- Created a script to insert the entries from the graylog table to the syslog table.
The last step is necessary if you want to generate alerts. You could opt to use Graylog to generate alerts instead, but if you want LibreNMS to do that, this is what I had to do.
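The copy step in the last bullet, sketched as an added example that is not part of the original post or the poster's script. It uses an in-memory SQLite database as a stand-in for the LibreNMS MySQL database; the table layouts, column names and the `graylog_sync` bookkeeping table are assumptions for illustration, and the events are constructed.

```python
import sqlite3
# Simplified stand-in schema; table and column names are assumptions for illustration.
SCHEMA = """
CREATE TABLE devices (device_id INTEGER PRIMARY KEY, hostname TEXT UNIQUE);
CREATE TABLE graylog (id INTEGER PRIMARY KEY, source TEXT, timestamp TEXT,
                      level INTEGER, application TEXT, message TEXT);
CREATE TABLE syslog (seq INTEGER PRIMARY KEY, device_id INTEGER, timestamp TEXT,
                     priority INTEGER, program TEXT, msg TEXT);
CREATE TABLE graylog_sync (id INTEGER PRIMARY KEY CHECK (id = 1), last_id INTEGER);
INSERT INTO graylog_sync VALUES (1, 0);
"""

def sync(conn):
    """Copy graylog rows above the high-water mark into syslog; return (copied, skipped)."""
    cur = conn.cursor()
    last_id = cur.execute("SELECT last_id FROM graylog_sync WHERE id = 1").fetchone()[0]
    rows = cur.execute(
        "SELECT g.id, d.device_id, g.timestamp, g.level, g.application, g.message "
        "FROM graylog g LEFT JOIN devices d ON d.hostname = g.source "
        "WHERE g.id > ? ORDER BY g.id", (last_id,)).fetchall()
    copied = skipped = 0
    for gid, device_id, ts, level, app, msg in rows:
        if device_id is None:
            skipped += 1  # unknown source: no device to attach an alert to
        else:
            # Bound parameters keep log text from being parsed as SQL.
            cur.execute(
                "INSERT INTO syslog (device_id, timestamp, priority, program, msg) "
                "VALUES (?, ?, ?, ?, ?)", (device_id, ts, level, app, msg))
            copied += 1
        last_id = gid
    # Mark and inserts commit together, so a re-run cannot duplicate rows.
    cur.execute("UPDATE graylog_sync SET last_id = ? WHERE id = 1", (last_id,))
    conn.commit()
    return copied, skipped

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO devices VALUES (1, 'win-dc01')")
    events = [  # constructed sample events
        ("win-dc01", "2024-01-01 10:00:00", 4, "Security", "Logon failure for 'bob'"),
        ("unknown-host", "2024-01-01 10:00:05", 6, "System", "Service started"),
        ("win-dc01", "2024-01-01 10:00:09", 3, "Security", "Account locked out"),
    ]
    conn.executemany("INSERT INTO graylog (source, timestamp, level, application, message) "
                     "VALUES (?, ?, ?, ?, ?)", events)
    first, second = sync(conn), sync(conn)
    return first, second, conn.execute("SELECT COUNT(*) FROM syslog").fetchone()[0]
```

Run from cron or a timer, the second and later passes copy only rows that arrived since the previous run.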