I don't know how rsyslog does authentication, but if we can do it without firewall rules that will be good. The firewall will be harder to make work with all of Fastly's IPs.
These logs should be separated into categories:
mysql
apache
fastly
other
We'll likely add more categories later. We will be using telegraf to parse these logs into metrics as needed. We've got 7.5G on the server, so we can probably store a few months of logs (but this server also has to store the metrics, which are far more important).
We need an rsyslog daemon on the monitoring server that will accept incoming logs from:
I don't know how rsyslog does authentication, but if we can do it without firewall rules that will be good. The firewall will be harder to make work with all of Fastly's IPs.
These logs should be separated into categories:
We'll likely add more categories later. We will be using telegraf to parse these logs into metrics as needed. We've got 7.5G on the server, so we can probably store a few months of logs (but this server also has to store the metrics, which are far more important).