Install and Configure Logstash
Install and Configure Logstash for Log Forwarding and Aggregation
Logstash can serve as a local on-premise log aggregator and forwarder that sends logs to DLA running in the CloudFabrix SaaS environment. The following are instructions for installing Logstash in the customer’s environment.
Java -
Logstash Version - 2.x / 5.x / 6.x / 7.x
Software    Version
Java        Java version 8 or Java Version 11. Ensure JAVA_HOME environment variable is set.
Linux       CentOS 7.x, Debian 8.x, Ubuntu 18.0.4
Detailed installation instructions for the most popular Linux distributions are provided on the official website. An abridged version of the installation instructions for some common distributions is provided here.
The following example tails the /var/log/messages file and forwards every line to your Logs App. To start pushing logs, you must create a file named /etc/logstash/conf.d/logsene.conf with the text below and restart Logstash. An example is shown below.
The Logstash configuration file (logstash-sample.conf) is located in the /etc/logstash/ folder where Logstash is installed, and looks like the example below. Once the file is updated, it is copied to the /etc/logstash/conf.d folder, as configured in the pipelines.yml file (which is located in /etc/logstash).
The Logstash configuration file contains three objects.
Filebeat installation and configuration are covered in detail in 'Install and Configure Filebeat'.
Input: The input section holds the Filebeat IP address and port.
Note: The “client_inactivity_timeout” time is in ms. The Filebeat IP address should be given in the “host” field and the Filebeat port should be given in the “port” field.
Filter: The filter section holds the Grok patterns for the Filebeat log file. The Grok pattern needs to be specific to the log file that you specified in the filebeat.yml input file.
Output: The output section defines where the log files received from Filebeat are transferred to. An example is shown. Change the IP addresses.
Note: The “ssl_endpoint_identification_algorithm” name should be the machine hostname where the SSL truststore is generated.
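A pipeline file with the three sections described above, as an added example that is not CloudFabrix's own configuration. It assumes syslog-style input lines and the Kafka output plugin (the Logstash output that exposes ssl_endpoint_identification_algorithm); every address, port, path, the topic name and the KAFKA_TRUSTSTORE_PASSWORD variable name is a placeholder.

```logstash
# Constructed example pipeline file for /etc/logstash/conf.d/.
# All addresses, ports, paths, the topic and the variable name are placeholders.

input {
  beats {
    host => "192.0.2.10"                # placeholder for the "host" field
    port => 5044                        # placeholder for the "port" field
    client_inactivity_timeout => 3000   # placeholder value
  }
}

filter {
  # Grok pattern for syslog-style lines such as those in /var/log/messages.
  # Replace it with a pattern that matches the file named in filebeat.yml.
  grok {
    match => {
      "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
    }
  }

  # Only parse the timestamp when grok succeeded; lines that fail keep the
  # _grokparsefailure tag so they can be found and the pattern corrected.
  if "_grokparsefailure" not in [tags] {
    date {
      match => ["syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
    }
  }
}

output {
  kafka {
    bootstrap_servers => "203.0.113.20:9093"   # placeholder broker address
    topic_id => "logs"                         # placeholder topic
    codec => json
    security_protocol => "SSL"
    ssl_truststore_location => "/etc/logstash/certs/truststore.jks"
    # Resolved from the Logstash keystore or the environment at startup,
    # so the password is not stored in the pipeline file.
    ssl_truststore_password => "${KAFKA_TRUSTSTORE_PASSWORD}"
    # ssl_endpoint_identification_algorithm is not set in this example.
  }
}
```

The file can be checked before restarting the service with `logstash --config.test_and_exit -f <file>`.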