Overview
Logstash is generally used to collect information about logs. It can collect the data locally or from beat engine as we can configure it, but firstly let's install it :)
Logstash
Feel free to download the latest (6.3.1, however I don't like 6.3 since a lot of features of x-pack are paid :) ) So let's download 6.2.4
Download
root@dokuwiki ~]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm --2018-07-17 19:32:32-- https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm Resolving artifacts.elastic.co... 54.235.82.130, 107.21.237.95, 107.21.253.15, ... Connecting to artifacts.elastic.co|54.235.82.130|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 148204622 (141M) [binary/octet-stream] Saving to: “logstash-6.2.4.rpm” 100%[============================================================================================================================================================================================================>] 148,204,622 36.2M/s in 5.0s 2018-07-17 19:32:38 (28.2 MB/s) - “logstash-6.2.4.rpm” saved [148204622/148204622] [root@dokuwiki ~]#
Install
[root@dokuwiki ~]# rpm -Uvh logstash-6.2.4.rpm Preparing... ########################################### [100%] 1:logstash ########################################### [100%] Using provided startup.options file: /etc/logstash/startup.options Successfully created system startup script for Logstash [root@dokuwiki ~]#
Configuration
http.host: "IP" xpack.monitoring.elasticsearch.url: ["http://IP:PORT"] xpack.monitoring.elasticsearch.username: "elastic" xpack.monitoring.elasticsearch.password: "password3" path.config: /etc/logstash/pipeline
Install X-PACK
[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-poack ^C[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-pack Downloading file: https://artifacts.elastic.co/downloads/logstash-plugins/x-pack/x-pack-6.2.4.zip Downloading [=============================================================] 100% Installing file: /tmp/studtmp-4e494ad4d8b5384eaf52f4bd3e10fcdf33e38a7f56979511c1701a72cf9b/x-pack-6.2.4.zip Install successful
Start Logstash
[root@dokuwiki bin]# ./logstash --path.settings /etc/logstash/ Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties [root@dokuwiki bin]#