Difference between revisions of "Logstash"

From UVOO Tech Wiki
Revision as of 01:41, 22 October 2021

Related guides:

- https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-16-04
- https://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04

Install

https://www.elastic.co/guide/en/logstash/current/installing-logstash.html

Edit the pipeline config:

```
vim conf.d/logstash.conf
```

```
input {
  syslog {
    # The syslog input binds to all interfaces by default (host => "0.0.0.0");
    # set host if only one interface should accept events.
    port => 12345
    # Decode the syslog payload as CEF.
    codec => cef
    # Field holding the remaining syslog text that is handed to the codec.
    syslog_field => "syslog"
    # Replace "CUSTOM GROK HERE" with the pattern that matches your devices' header.
    grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
  }
}

output {
    stdout {}
    file {
        # /tmp is fine for a quick test; use a dedicated log directory otherwise.
        path => "/tmp/output.txt"
    }
}
```

Run Logstash with the pipeline config (use the path you saved the file to, e.g. conf.d/logstash.conf):

```
/usr/share/logstash/bin/logstash -f logstash.conf
```
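As an added example (not from the wiki), the following Python parser reproduces offline what the pipeline above extracts from one syslog-wrapped CEF line: the grok header split into priority, timestamp and host, the priority decoded into facility and severity, and the CEF header and extension parsed with their escape rules. The sample line, the regexes and the header field names are assumptions (the names are assumed to mirror the cef codec's non-ECS output), and it is handy for checking what a device's events will look like before pointing them at port 12345.

```python
import re
# Constructed sample (not real data): a CEF event in a BSD-syslog header bound for port 12345
SAMPLE = ('<134>Oct 22 01:41:00 fw01 CEF:0|Vendor|Product|1.0|100|Login denied|5|'
          'src=10.0.0.5 dst=10.0.0.9 msg=bad pw\\=twice act=block')
# Stand-in for the grok: <%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} host payload
SYSLOG_RE = re.compile(r'^<(?P<priority>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} '
                       r'\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<syslog>.*)$', re.S)
KEY_RE = re.compile(r'(?:^| )([A-Za-z0-9_.]+)=')  # extension keys; an escaped "\=" never matches
# Header field names assumed to mirror the cef codec's (non-ECS) output
HEADER = ['cefVersion', 'deviceVendor', 'deviceProduct', 'deviceVersion',
          'deviceEventClassId', 'name', 'severity']

def split_unescaped(text, sep, maxsplit):
    # Split on unescaped sep ("\|" and "\\" are escapes); text after maxsplit keeps its escapes
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == '\\' and i + 1 < len(text) and len(parts) < maxsplit:
            cur.append(text[i + 1]); i += 2
            continue
        if ch == sep and len(parts) < maxsplit:
            parts.append(''.join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append(''.join(cur))
    return parts

def parse_extension(ext):
    # key=value pairs; values may contain spaces, "\=" and "\\" are unescaped
    keys, fields = list(KEY_RE.finditer(ext)), {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        fields[m.group(1)] = re.sub(r'\\(.)', r'\1', ext[m.end():end]).strip()
    return fields

def parse_event(line):
    # Fields the pipeline above would produce for one syslog-wrapped CEF line
    m = SYSLOG_RE.match(line)
    if m is None or not m['syslog'].startswith('CEF:'):
        raise ValueError('not a syslog-wrapped CEF line')
    pri = int(m['priority'])          # facility*8 + severity, as the syslog input decodes it
    event = {'syslog_priority': pri, 'syslog_facility': pri // 8,
             'syslog_severity': pri % 8, 'timestamp': m['timestamp'], 'host': m['host']}
    parts = split_unescaped(m['syslog'][4:], '|', 7)   # the syslog_field => "syslog" payload
    if len(parts) != 8:
        raise ValueError('CEF header needs 7 pipe-separated fields plus an extension')
    event.update(zip(HEADER, parts[:7]))
    event.update(parse_extension(parts[7]))
    return event
```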