ELK Stack

Overview

ELK stack is a data pipeline that helps you process logs and other event data from a variety of sources and stream data at scale.

https://www.elastic.co/

ELK Stack v2.3

Logstash is a data pipeline that helps you process logs and other event data from a variety of systems. With 200 plugins and counting, Logstash can connect to a variety of sources and stream data at scale to a central analytics system.

Installs

Installs the following components. Preconfigured to work with elasticsearch as the backend, kibana as a frontend and nginx as a proxy server for securing elasticsearch and kibana.

The notes on this page are specific to logstash. For elasticsearch and kibana, please refer to their specific detail pages.

Service Stop / Start

  • sudo service logstash start
  • sudo service logstash stop

Service Check

  • The logstash service is started following install.
  • A syslog grok pattern is installed by default.
  • Additional patterns can be added under /etc/logstash/conf.d/

Install locations

  • logstash_ssl_dir: /etc/pki/logstash
  • logstash_ssl_certificate_file: logstash-forwarder-example.crt
  • logstash_ssl_key_file: logstash-forwarder-example.key

Security

  • Listens on port 5000 (TCP and UDP) for syslog messages.
  • Please create your own key/certificate pair on production servers. This can be done using openssl, for instance:
      openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out lumberjack.crt -subj /CN=logstash.example.com
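
The key/certificate step above as a script, added here as an example and not part of the original page or the installer. The function names, the output directory argument and the explicit -days value are assumptions; without -days, openssl req -x509 issues a certificate valid for only 30 days.

```shell
#!/bin/sh
# Added example: generate a Logstash key/certificate pair with the page's
# openssl command, then verify that the two files belong together.
# Function names, DIR and DAYS are assumptions made for this example.

# pair_matches KEY CERT: succeed only if CERT carries KEY's public key.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# cert_cn CERT: print the subject CN of CERT.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# make_logstash_pair DIR CN [DAYS]: write DIR/lumberjack.key and
# DIR/lumberjack.crt. Refuses to overwrite an existing key.
make_logstash_pair() {
    dir=$1
    cn=$2
    days=${3:-365}
    if [ -z "$dir" ] || [ -z "$cn" ]; then
        echo "usage: make_logstash_pair DIR CN [DAYS]" >&2
        return 2
    fi
    mkdir -p "$dir" || return 1
    if [ -e "$dir/lumberjack.key" ]; then
        echo "refusing to overwrite $dir/lumberjack.key" >&2
        return 3
    fi
    (
        # Create both files private first; the key must never be world-readable.
        umask 077
        openssl req -x509 -batch -nodes -newkey rsa:2048 -days "$days" \
            -keyout "$dir/lumberjack.key" -out "$dir/lumberjack.crt" \
            -subj "/CN=$cn"
    ) || return 1
    chmod 600 "$dir/lumberjack.key" || return 1
    chmod 644 "$dir/lumberjack.crt" || return 1
    # Final check: the certificate must contain the key's public half.
    pair_matches "$dir/lumberjack.key" "$dir/lumberjack.crt"
}
```

pair_matches can also be pointed at the files under logstash_ssl_dir after a replacement, to confirm that the key and certificate Logstash will load are a matching pair.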

Related Apps

Logstash is best used together with Elasticsearch and Kibana. If you need just Elastic and Kibana on a separate server, please check the DISTRIBOOTED App Store for a combined install of elasticsearch and kibana: https://distribooted.com/app/kibana