Difference between revisions of "Logstash"
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 10: | Line 10: | ||
- https://www.linode.com/docs/guides/secure-logstash-connections-using-ssl-certificates/ | - https://www.linode.com/docs/guides/secure-logstash-connections-using-ssl-certificates/ | ||
- https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#enable-ts-logstash | - https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#enable-ts-logstash | ||
| + | - https://discuss.elastic.co/t/sending-logs-from-syslog-ng-to-logstash-with-and-without-tls/252939 | ||
| + | - https://bobcares.com/blog/send-syslog-with-ssl-tls-to-nagios-log-server/ | ||
| + | - https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command | ||
| Line 37: | Line 40: | ||
run command | run command | ||
``` | ``` | ||
| − | /usr/share/logstash/bin/logstash -f logstash.conf | + | /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf |
``` | ``` | ||
``` | ``` | ||
| − | logger TEST2 -n 127.0.0.1 --udp --port | + | logger TEST2 -n 127.0.0.1 --udp --port 514 |
| + | logger TEST2 -n 127.0.0.1 --tcp --port 514 | ||
``` | ``` | ||
| + | ``` | ||
| + | echo "<142>$HOSTNAME Hello World, $RANDOM" | \ | ||
| + | gnutls-cli 127.0.0.1 --port=6514 --x509cafile=/etc/logstash/tls/b/ca.crt | ||
| + | ``` | ||
| + | https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command | ||
Latest revision as of 14:05, 22 October 2021
Install
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
- https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
- https://www.elastic.co/guide/en/logstash/current/docker.html
- https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-16-04
- https://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
- https://www.linode.com/docs/guides/secure-logstash-connections-using-ssl-certificates/
- https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#enable-ts-logstash
- https://discuss.elastic.co/t/sending-logs-from-syslog-ng-to-logstash-with-and-without-tls/252939
- https://bobcares.com/blog/send-syslog-with-ssl-tls-to-nagios-log-server/
- https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command
https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
vim conf.d/logstash.conf
input {
syslog {
port => 12345
codec => cef
syslog_field => "syslog"
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
}
}
output {
stdout {}
file {
path => "/tmp/output.txt"
}
}
run command
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
logger TEST2 -n 127.0.0.1 --udp --port 514 logger TEST2 -n 127.0.0.1 --tcp --port 514
echo "<142>$HOSTNAME Hello World, $RANDOM" | \
gnutls-cli 127.0.0.1 --port=6514 --x509cafile=/etc/logstash/tls/b/ca.crt
https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command