What is Logstash?
Logstash is a tool for receiving, processing and outputting logs. All kinds of logs. System logs, webserver logs, error logs, application logs, and just about anything you can throw at it.
Logstash provides a powerful pipeline for storing, querying, and analyzing your logs. When using Elasticsearch as a backend data store and Kibana as a front-end reporting tool, Logstash acts as the workhorse. It includes an arsenal of built-in inputs, filters, codecs, and outputs, enabling you to harness some powerful functionality with a small amount of effort.
This box installs Logstash and starts its services. The Elasticsearch binding is needed for Logstash to send the log data to the correct cluster (elasticsearch.CLUSTER_NAME).
It is also necessary to upload key and certificate files, as they are required for SSL support.
||Hostname variable to be set by the scripts
||Version to be installed
||Elasticsearch binding to communicate with for sending the logs
||logstash.conf.jinja configuration template that will be configured with the values of the box's variables
||Logstash's filters configuration file
||Logstash's patterns configuration file
||Lumberjack port to be opened
||TCP port to be opened
||Communication port to be opened
||Certificate file for SSL support
||Key file for SSL support
||Desired path for the certificate file to be stored
||Desired path for the key file to be stored
An instance executing this box will use bash scripting to download, install and configure Logstash. Let's see what each event script of the box does for every operation of the life-cycle:
- Install operation:
  - pre_install event script: updates the apt-get package lists, installs python-software-properties and software-properties-common. Adds webupd8team's Java repository and installs the oracle-java8-installer package. Downloads the package for the correct Logstash version and installs it with the dpkg package manager. Stops and removes the logstash-web service. Sets the HOSTNAME variable of the box.
- Configure operation:
  - pre_configure event script: downloads the certificate and key files and stores them in the paths specified in the box's variables. Downloads, configures and saves the configuration, filter and patterns files. Sets the ownership of the patterns folder to logstash:logstash.
- Start operation:
  - pre_start event script: starts the Logstash service.
- Stop operation:
  - stop event script: stops the Logstash service, overriding its exit code to be 0.
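The pre_configure step writes a private key to disk, so its file mode and its pairing with the certificate are worth checking once the download finishes. The shell functions below are an added example, not part of the box's own scripts; the function names and the `logstash:logstash` owner for the key and certificate files are assumptions.

```shell
#!/bin/sh
# Added example: checks to run after pre_configure has stored the SSL key
# and certificate. Arguments are the paths held in the box's path variables.

# Octal mode of a file (GNU stat, with BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds only if the key is a regular file (not a symlink) whose mode
# grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(file_mode "$1")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds only if the certificate's public key equals the one derived from
# the private key, i.e. the two downloaded files belong together.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Tighten permissions on freshly downloaded files. The owner defaults to
# logstash:logstash (assumption: the same account the box uses for the
# patterns folder) and is only applied when running as root.
harden_tls_files() {
    cert=$1; key=$2; owner=${3:-logstash:logstash}
    chmod 600 "$key" && chmod 644 "$cert" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$key" "$cert" || return 1
    fi
    key_is_private "$key"
}
```

Calling `harden_tls_files` and then `cert_matches_key` with the certificate and key paths before the Start operation makes a mismatched or world-readable key fail the deployment instead of surfacing later as an SSL error.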
This box has been tested and works properly with these Linux distributions:
* Ubuntu 14.04
You can check out the Logstash documentation at https://www.elastic.co/guide/en/logstash/current/index.html
You can discuss at https://discuss.elastic.co/c/logstash