Logstash
Install
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
- https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
- https://www.elastic.co/guide/en/logstash/current/docker.html
- https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-16-04
- https://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04
- https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html
- https://www.linode.com/docs/guides/secure-logstash-connections-using-ssl-certificates/
- https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#enable-ts-logstash
- https://discuss.elastic.co/t/sending-logs-from-syslog-ng-to-logstash-with-and-without-tls/252939
- https://bobcares.com/blog/send-syslog-with-ssl-tls-to-nagios-log-server/
- https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command
https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
vim conf.d/logstash.conf
input {
  syslog {
    port => 12345
    codec => cef
    syslog_field => "syslog"
    grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
  }
}
output {
  stdout {}
  file { path => "/tmp/output.txt" }
}
Run command:
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
Send test messages with logger (UDP and TCP):
logger TEST2 -n 127.0.0.1 --udp --port 514
logger TEST2 -n 127.0.0.1 --tcp --port 6514
https://askubuntu.com/questions/1091659/how-to-send-tls-syslog-message-via-logger-command