Highly recommend using off-the-shelf tooling that is designed for this.
At smaller scales (<10k), using a syslog aggregator is very sane and a decent solution.
You may want to leverage the logs over a period of time (historical for some number of days), perhaps parse/create alerts on some metrics out of it, etc.
ELK stack is fine. Shoving to ClickHouse is fine. Grafana stack is fine. Vector by Datadog (open source) comes to mind as a processing system for streams.
I've built large systems with relatively low latency like this with Kafka, although given the brief description that seems like overkill.
Highly recommend a standardized syslog aggregator or stream-based transport if your requirements include centralizing.
On Wed, Jan 21, 2026, 6:50 a.m. Stuart Henderson <stu.lists@spacehopper.org> wrote:
On 2026-01-20, Tom Smyth <tom.smyth@wirelessconnect.eu> wrote:
>
> do any of you do the equivalent of tail -f /var/log/syslog and somehow
> pipe it to a web application that would display that content on a
> webpage...
>
> I'm trying to stream logs for a tool to then filter and display for my
> helpdesk / NOC team...
There are various programs designed for this but all of the ones I can
find are difficult to use on OpenBSD (usually either written in Go or
JavaScript, and with a JavaScript front-end that needs building),
they're certainly very difficult to write a port for, and even just
building separately seems tricky for the ones I tried.
e.g.
https://github.com/mishankov/web-tail
https://github.com/prateeknischal/webtail (also wants PAM; not sure if OpenPAM will do)
https://github.com/jdrews/logstation
https://github.com/logdyhq/logdy-core
https://github.com/mthenw/frontail
Possible alternative, can you use something like lnav or multitail run
inside a browser-based terminal (e.g. ttyd)? Or if it doesn't absolutely
need to be browser-based, you could set up a user account to automatically
run one of those at login and have them ssh in instead.
--
Please keep replies on the mailing list.