FLARE: Stapling together syslog-ng, ELK, Alerting and Incident Response with metadata!

You've got your centrally aggregated log stream from your hundreds of servers, and you know your way around grep, but now what? How can you get useful real-time event monitoring, notification and tracking out of that giant, unparsable flood of data? By stapling together some fantastic open-source tools, of course, with metadata! FLARE is internal software developed at the University of Victoria that provides a central interface for describing the log events that matter and for making them actionable for operations admins. It extends the capabilities of powerful open-source tools (syslog-ng, the ELK stack, alerting and incident response tooling) by adding metadata that unifies their view of incidents and of the events that produce them.
Jeff Albert

Senior UNIX Systems Administrator, University of Victoria