Hi people, I have implemented the Graylog solution with the objective of monitoring SiteMinder smps and smaccess logs, extracting the data and working with it.
One of the biggest problems in my environment is the number of policy servers: I have 4 in the production environment and another 4 in the homolog environment, so when a problem happens there are 8 servers whose logs have to be searched to find the issue.
With this implementation, I reduced my team's analysis time and set triggers to prevent some situations.
Graylog (web and server): create dashboards, manipulate and collect the data
ElasticSearch: store the manipulated data
MongoDB: store dashboard info and graylog-server info
Rsyslog: send data to Graylog
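The Rsyslog leg of that pipeline is the one most people have to write by hand, so here is an added example of what it looks like in rsyslog's RainerScript syntax. This is not the poster's configuration or part of the content pack: the log paths, the Graylog hostname and the port (which must match a Syslog TCP input created in Graylog) are assumptions to be replaced with your own values.

```conf
# imfile keeps per-file state (read offset) in this directory; it must exist
global(workDirectory="/var/spool/rsyslog")

# Load the file-input module so rsyslog can tail plain log files
module(load="imfile")

# Tail the Policy Server logs. Paths are an assumption: adjust to your install.
# The Tag becomes the syslog APP-NAME, which is what you filter on in Graylog.
input(type="imfile"
      File="/opt/CA/siteminder/log/smps.log"
      Tag="smps:"
      Severity="info"
      Facility="local6"
      ruleset="to_graylog")

input(type="imfile"
      File="/opt/CA/siteminder/log/smaccess.log"
      Tag="smaccess:"
      Severity="info"
      Facility="local6"
      ruleset="to_graylog")

# Forward every message from those two inputs to Graylog over TCP.
# RFC 5424 framing (SyslogProtocol23Format) is what Graylog's Syslog input
# parses cleanly; the disk-assisted queue keeps events if Graylog is down.
ruleset(name="to_graylog") {
    action(type="omfwd"
           Target="graylog.example.internal"     # placeholder hostname
           Port="1514"                           # placeholder: your Syslog TCP input port
           Protocol="tcp"
           Template="RSYSLOG_SyslogProtocol23Format"
           queue.type="LinkedList"
           queue.filename="graylog_fwd"
           action.resumeRetryCount="-1")
}
```

Two practical points: the `Tag` values let a single Graylog stream rule (application name equals `smps` or `smaccess`) route each log to its own stream before extractors run, and because smaccess records user identities and requested resources, the forwarder should run over a trusted network segment or with rsyslog's TLS stream driver rather than plain TCP across untrusted links.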
Below you can see the dashboard showing all the info listed here:
SiteMinder current connections by policy server
SiteMinder current depth by policy server
Top resource-consuming agents
Exceeded limit count
After configuring the solution I created a Graylog content pack for SiteMinder; you can find the content pack at this link: ppoffal/siteminder-Graylog-ContentPack: A G... - GitHub