Install and configure logstash-forwarder

Install logstash-forwarder

<pre class=”wp-code-highlight prettyprint replica cartier linenums:1″>
yum install hermes bracelets

Add config file in location – /etc/logstash-forwarder.conf

  "network": {
    "servers": [ "localhost:5000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  "files": [
      "paths": [
      "fields": { "type": "access" }

You can access above field “type” in logstash and use it in filter or output tag.

For generating ssl certificate.

#Generate SSL certificate
sudo mkdir -p /etc/pki/tls/certs
sudo mkdir /etc/pki/tls/private
cd /etc/pki/tls; sudo openssl req -subj '/CN=localhost/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

Start logstash-forwarder

sudo service logstash-forwarder start

Error logs cartier love bracelet can be found here …

tail -f /var/log/logstash-forwarder/logstash-forwarder.err

Categories: Elasticsearch