If you can find out for sure that if my pakfire was passing the criteria it would be added then I would. But the conversation to me seemed more like, it is to be avoided, and we want to do something else.
The conversation does not sound like your addon ( pakfire is the package management software ) isnāt wanted. Michael stated clearly, that additional addons should be maintained by someone ( best the initiator of the addon ).
If you are willing to go through the development process of an addon ( which isnāt too big ) and to maintain this addon ( for a while ), you are welcome to do this.
Being there other ways to achieve your goal, sending logs encrypted, you cannot expect some of the handfull core devs does the job for you. Some ways to send the logs are:
- send with rsyslogd to a trusted client in the LAN, from this client you can send with your favourite tool to the remote.
- send per VPN, which is encrypted by default.
At no point did I expect that, I have filebeat working for me as stated, I listed my working example and suggested I make a filebeat pakfire for others who want to ship to logstash which I believe is a pretty common thing nowadays, just maybe not from ipfire, I might be a trend setter lol.
If it is like you have stated, why not make an addon and present it in the development mailing list?
That should be easy.
We like trend setters, integrating āmodernā tools into IPFire project.
Yes thatās what I was proposing but I was getting the impression that it would be rejected for consuming more resources than an alternative way, but actually it has been said to me now that I am able to submit a pakfire so I most likely will do that. But also I am exploring by trying to compile rsyslog on the pi and maybe use it instead of filebeat, as I do agree with ms that it would be leaner. Maybe rsyslog could be the pakfire instead of filbeat.
Leave it with me Iāll come up with something.
Bit annoying that we canāt just pull the compilers and stuff onto an ipfire device i.e. my home device. I need to make a seperate dev environment, my macbook isnāt really up for the task so itāll have to wait till I get my new PC then I can make a VM for it.
Two points to consider:
- compilers and other dev tools should have no place on an internet appliance. This would open doors, you donāt want to open.
- an internet appliance is dedicated hardware, which not necessarily have devices needed for development ( āfastā processor(s), fast and big hard disks, large amount of memory )
FWIW, If Filebeat were available as an addon, Iād use it.
So what is the final verdict here on how to get logs to an ELK stack? I have tried the āremoteā setting and nada. the whole point is to start agregating traffic for an ML training to complete the cycle.