How To Install Logstash ELK Stack Using Repo
How To Install Logstash, That’s an Open Source server-side data processing pipeline that allows you to collect, process and load data into Elasticsearch.
Logstash collects the logs and converts them into JSON documents then stores them in Elasticsearch. Once the inputs have collected the data it can be processed by any numbers of filter which modify the data.
Step 2: Now you have to add SSL Certificates based on IP address of ELK in /etc/pki/tls/openssl.cnf
Find [v3_ca] and put these line subjectAltName = IP: 192.168.185.143
Now Create a Self-Sign Certificate
openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
Step 3: Configuration Logstash
Create a Input file under the directory /etc/logstash/conf.d/
Create a Output file under the directory /etc/logstash/conf.d/
Create a filter file under the directory /etc/logstash/conf.d/
Now load the daemon, Start the Service and enable at boot time.
systemctl daemon-reload && systemctl start logstash && systemctl enable logstash
Step 4: Add Logstash port in firewall
firewall-cmd –permanent –add-port=5044/tcp
Now Check all the ports of Elasticsearch, Kibana & Logstash should be listening.
netstat -tnlp | grep java
Check Out: Configuration of Filebeat For Elasticsearch
Step 5: Log File Location of Logstash is /var/log/logstash
You can also verify Logstah configuration settings by
service logstash configtest