Splunk is a popular enterprise-level tool for log collection, analysis and management. While you can obtain an enterprise license, most functions are available in the free community edition.
Setup is very easy:
- Download and move the .tar.gz file to the appropriate server (i386 vs. amd64)
- Install the package:
sudo dpkg -i splunk*.deb
- Start the server:
sudo /opt/splunk/bin/splunk start
The first time you run it after an installation or update, you will have to accept the terms.
Access the admin screen:
Go to Settings / Forwarding and Receiving
- Add new (port 9997)
- Open firewall port (if enabled):
sudo ufw allow 8000
Now to start as a service…
sudo /opt/splunk/bin/splunk enable boot-start
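An added check, not part of the original post: the steps above configure receiving on port 9997 but only open port 8000 in ufw. This shell function reads `ufw status` output and reports how each of the two ports is exposed; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how ufw exposes the two Splunk ports from the steps
# above (8000 = web admin UI, 9997 = forwarder receiving port).

# Reads `ufw status` text on stdin, prints "<port> <state>" per port.
# Handles single-port rules only (8000, 9997/tcp), not ranges or app profiles.
audit_splunk_ports() {
    awk -v ports="8000 9997" '
        BEGIN {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++) state[want[i]] = "not-allowed"
        }
        /^Status: inactive/ { inactive = 1 }
        /ALLOW/ {
            split($1, p, "/")                 # strip /tcp or /udp
            if (!(p[1] in state)) next
            src = $0                          # source = text after ALLOW
            sub(/.*ALLOW( IN)?[ \t]+/, "", src)
            sub(/[ \t]+$/, "", src)
            if (src ~ /^Anywhere/) state[p[1]] = "open-to-any"
            else if (state[p[1]] != "open-to-any") state[p[1]] = "restricted:" src
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], (inactive ? "firewall-inactive" : state[want[i]])
        }
    '
}

# Constructed sample: ufw status after running only `sudo ufw allow 8000`.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8000                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8000 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | audit_splunk_ports
```

On a real host, run `sudo ufw status | audit_splunk_ports`; a result of `open-to-any` on 8000 means the admin screen is reachable from any source address.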
I’ve found New Relic to be a great free addition to my suite of tools for server monitoring and alerting as I shifted to a DevOps support environment.
Installation is very fast and simple once you’ve created a free account. Paid options are available and allow for more features.
You will need to record/save YOUR_LICENSE_KEY from your account for step 5 below.
1. sudo sh -c 'echo deb http://apt.newrelic.com/debian/ newrelic non-free > /etc/apt/sources.list.d/newrelic.list'
2. wget -O- https://download.newrelic.com/548C16BF.gpg | sudo apt-key add -
3. sudo apt-get update
4. sudo apt-get install newrelic-sysmond
5. sudo nrsysmond-config --set license_key=YOUR_LICENSE_KEY
6. sudo /etc/init.d/newrelic-sysmond start
You are done! Within a few minutes you should start seeing data on your consoles at the New Relic website.