Install and configure logstash-forwarder

Install logstash-forwarder

yum install https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder-0.4.0-1.x86_64.rpm

Add the config file at /etc/logstash-forwarder.conf:

{
  "network": {
    "servers": [ "localhost:5000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  },
  "files": [
    {
      "paths": [
        "access_log"
       ],
      "fields": { "type": "access" }
    }
   ]
}

You can access the “type” field above in Logstash and use it in a filter or output block.

To generate the SSL certificate:

# Generate SSL certificate (self-signed, valid for 10 years, unencrypted key)
# -p keeps mkdir from failing when the directory already exists
sudo mkdir -p /etc/pki/tls/certs
sudo mkdir -p /etc/pki/tls/private
cd /etc/pki/tls; sudo openssl req -subj '/CN=localhost/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
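
A pre-flight check for the config file and certificate from the steps on this page, as an added example that is not part of the original post or of logstash-forwarder itself. It flags a server host that differs from the certificate CN (the forwarder validates the server certificate it receives against "ssl ca"), relative file paths, and a missing "type" field. The function name and the cert_cn parameter are hypothetical, and it assumes the certificate carries only a CN, as the openssl command on this page produces.

```python
import json

# Constructed sample: the configuration shown on this page.
PAGE_CONFIG = """
{
  "network": {
    "servers": [ "localhost:5000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  },
  "files": [
    { "paths": [ "access_log" ], "fields": { "type": "access" } }
  ]
}
"""

def lint_forwarder_config(text, cert_cn):
    """Return findings for a logstash-forwarder config (hypothetical helper).

    cert_cn: the CN the certificate was generated with (assumed input).
    """
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["invalid JSON: %s" % exc]
    findings = []
    net = cfg.get("network", {})
    if not net.get("ssl ca"):
        findings.append('network."ssl ca" is not set')
    servers = net.get("servers", [])
    if not servers:
        findings.append("network.servers is empty")
    for server in servers:
        host, sep, port = server.rpartition(":")
        if not sep or not port.isdigit():
            findings.append("server %r is not host:port" % server)
        elif host != cert_cn:
            findings.append("server host %r does not match certificate CN %r" % (host, cert_cn))
    for i, entry in enumerate(cfg.get("files", [])):
        for path in entry.get("paths", []):
            if not path.startswith("/"):
                findings.append("files[%d]: relative path %r depends on the service's working directory" % (i, path))
        if "type" not in entry.get("fields", {}):
            findings.append("files[%d]: no fields.type for Logstash to filter on" % i)
    return findings

if __name__ == "__main__":
    for finding in lint_forwarder_config(PAGE_CONFIG, "localhost"):
        print(finding)
```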

Start logstash-forwarder

sudo service logstash-forwarder start

Error logs can be found here …

tail -f /var/log/logstash-forwarder/logstash-forwarder.err
