Logstash
Jump to navigation
Jump to search
Install
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
- https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
- https://www.elastic.co/guide/en/logstash/current/docker.html
- https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-16-04
- https://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
vim conf.d/logstash.conf
input {
syslog {
port => 12345
codec => cef
syslog_field => "syslog"
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
}
}
output {
stdout {}
file {
path => "/tmp/output.txt"
}
}
run command
/usr/share/logstash/bin/logstash -f logstash.conf
logger TEST2 -n 127.0.0.1 --udp --port 12345