Logstash + Elasticsearch + Kibana

Logstash + Elasticsearch + Kibana is a powerful solution for log aggregation and dashboards [1].
You can use it to aggregate logs from several BrandMeister servers, simplify searching, or build technical dashboards.
BrandMeister provides a direct interface to Logstash that delivers log reports as well as internal event data.


Configuration

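It's highly recommended to install the ELK stack on a separate machine. Logstash's certificate can be self-signed: BrandMeister accepts any certificate, so the connection is encrypted but the certificate does not authenticate the Logstash endpoint to BrandMeister.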

BrandMeister.conf

    LumberJack :
    {
      address = "localhost"; // Logstash address
      port = 10514; // Logstash port configured to accept Lumberjack protocol
      options = 3; // Bit field: bit 0 - transmit log reports, bit 1 - transmit system events
      capacity = 1024; // Buffer capacity (line count)
    };

/etc/logstash/conf.d/lumberjack.conf

    input {
      lumberjack {
        id => 'lj'
        # Listen address; use one reachable from the BrandMeister server
        # when ELK runs on a separate machine
        host => '127.0.0.1'
        port => 10514
        # Certificate and key presented to BrandMeister (may be self-signed)
        ssl_certificate => '/etc/logstash/logstash.crt'
        ssl_key => '/etc/logstash/logstash.key'
        type => lumberjack
      }
    }

    filter {
      date {
        match => [ 'timestamp', 'ISO8601' ]
      }
      ruby {
        path => '/opt/BrandMeister/brandmeister-logstash.rb'
      }
    }

    output {
      elasticsearch {
        hosts => [ 'localhost:9200' ]
      }
    }
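
One way to create the self-signed certificate and key that `ssl_certificate` and `ssl_key` point to, and to confirm the two files belong together before starting Logstash. This is an added example, not part of the BrandMeister documentation; the function names, the common name and the validity period are assumptions.

```shell
#!/bin/sh
# Added example (not BrandMeister or Logstash code). Function names are hypothetical.
# Usage (as root):  make_logstash_cert /etc/logstash logstash.example.test 365
#                   cert_matches_key /etc/logstash && cert_fingerprint /etc/logstash
# The account Logstash runs as must be able to read logstash.key; change the
# file's ownership to that account after generating it.

# make_logstash_cert DIR CN [DAYS]
# Writes DIR/logstash.crt and DIR/logstash.key (unencrypted RSA-2048 key).
make_logstash_cert() {
    dir=$1; cn=$2; days=${3:-365}
    rc=0
    # Subshell with umask 077 so the key is never created world-readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
          -days "$days" -subj "/CN=$cn" \
          -keyout "$dir/logstash.key" -out "$dir/logstash.crt" ) || rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    chmod 600 "$dir/logstash.key"
    chmod 644 "$dir/logstash.crt"
}

# cert_matches_key DIR
# Succeeds only when the certificate's public key is the one derived from the
# private key; catches a mismatched pair left over from an earlier attempt.
cert_matches_key() {
    dir=$1
    from_cert=$(openssl x509 -in "$dir/logstash.crt" -noout -pubkey | openssl sha256)
    from_key=$(openssl pkey -in "$dir/logstash.key" -pubout | openssl sha256)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# cert_fingerprint DIR
# Prints the SHA-256 fingerprint of the certificate for the operator's records.
cert_fingerprint() {
    openssl x509 -in "$1/logstash.crt" -noout -fingerprint -sha256
}
```

Because BrandMeister does not check the certificate, the recorded fingerprint is only useful for an operator's own comparison against what the listener on port 10514 presents.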

Operational state

status/system.php : LumberJack

  • Active - connection is active
  • Overflow - buffer overflow, one or more records lost