How to install Logstash on CentOS

We will learn how to install Logstash on CentOS. Logstash is an open-source tool used to manage events and logs and to process the logs.

Logstash :-

1. Install Java on the machine :-
sudo yum -y install java-1.8.0-openjdk
2. Import the Elastic GPG signing key used to verify the Logstash packages :-
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

3. Create the repo file :-
sudo vim /etc/yum.repos.d/elasticsearch.repo
[logstash]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

4. Install the package from the Logstash repo file :-
sudo yum install logstash -y
You can also install it from this link.

5. Add the entries below to the following files :-
sudo vim /etc/logstash/conf.d/logstash-syslog-filter.conf
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
sudo vim /etc/logstash/conf.d/logstash-syslog.conf
input {
  file {
    path => [ "/var/log/nginx/*.log", "/var/log/messages", "/var/log/syslog" ]
    type => "syslog"
  }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
    }
}
6. Restart and enable the Logstash service :-
sudo service logstash restart
sudo service logstash status
sudo systemctl enable logstash
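
The Python sketch below is an added example, not part of the original post: it approximates the grok expression from step 5 with a simplified regular expression (an assumption; the real SYSLOGTIMESTAMP, SYSLOGHOST and POSINT patterns are stricter) and applies it to constructed sample lines. It shows which fields a syslog line yields and that nginx access-log lines, which the input block also labels as type "syslog", do not match and are tagged _grokparsefailure.

```python
import re

# Simplified Python approximation of the grok expression in
# logstash-syslog-filter.conf. The real SYSLOGTIMESTAMP, SYSLOGHOST and
# POSINT patterns are stricter; this regex is an assumption for illustration.
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
SYSLOG_RE = re.compile(
    rf"(?P<syslog_timestamp>\b(?:{MONTHS}) +\d{{1,2}} \d{{2}}:\d{{2}}:\d{{2}}) "
    r"(?P<syslog_hostname>[\w.:-]+) "
    r"(?P<syslog_program>.*?)(?:\[(?P<syslog_pid>[1-9]\d*)\])?: "
    r"(?P<syslog_message>.*)"
)


def apply_filter(message, event_type="syslog"):
    """Return the event roughly as the filter block would leave it."""
    event = {"message": message, "type": event_type}
    if event_type != "syslog":          # mirrors: if [type] == "syslog" { ... }
        return event
    m = SYSLOG_RE.search(message)       # grok is unanchored, hence search()
    if m is None:
        # grok's default behaviour on a failed match is to tag the event
        event["tags"] = ["_grokparsefailure"]
        return event
    # Optional captures that did not match (e.g. no PID) produce no field.
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    return event


# Constructed sample lines: two syslog-style lines and one nginx access-log
# line, the three kinds of input the file { path => [...] } block collects.
SAMPLES = [
    "Sep 22 10:15:01 web01 sshd[2211]: Failed password for invalid user "
    "admin from 203.0.113.7 port 53211 ssh2",
    "Sep  2 03:12:44 web01 kernel: device eth0 entered promiscuous mode",
    '203.0.113.7 - - [22/Sep/2018:10:15:32 +0000] "GET /login HTTP/1.1" '
    '200 612 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(apply_filter(line))
```

Events carrying the _grokparsefailure tag are still sent to Elasticsearch, only without the syslog_* fields, so searching for that tag is a quick check on whether the nginx logs need their own type and filter.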








How to install logstash on centos Reviewed by Unknown on September 22, 2018 Rating: 5
