How to install Logstash, an open source server-side data processing pipeline that lets you collect, process, and load data into Elasticsearch.

How To Install Logstash ELK Stack Using Repo:

Logstash collects the logs, converts them into JSON documents, and stores them in Elasticsearch. Once the inputs have collected the data, it can be processed by any number of filters, which modify the data.

Step 1: Run the command below to install it.

yum install logstash-7.0.0.rpm -y

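Step 2: Add the IP address of the ELK server to the SSL certificate configuration in /etc/pki/tls/openssl.cnf.

Find the [v3_ca] section and add this line:

subjectAltName = IP: 192.168.185.143

Now create a self-signed certificate. The -keyout and -out paths are relative, so run the command from /etc/pki/tls, which contains the private/ and certs/ directories: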

openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
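
Clients that connect to Logstash by IP address validate that IP against the certificate's subjectAltName, so it is worth confirming the entry from Step 2 actually landed in the certificate and that the key belongs to it. The script below is an added example, not part of the original tutorial; the function names, the script name check_cert.sh and the throwaway sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the certificate and key produced in Step 2.

# Succeeds if the certificate lists IP $2 as a subjectAltName entry.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# Succeeds if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample: throwaway cert in directory $1 for IP $2, built from a
# minimal config that mirrors the [v3_ca] edit above (not the system file).
make_sample_cert() {
    cat > "$1/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = logstash-example
[ v3_ca ]
subjectAltName = IP: $2
EOF
    openssl req -config "$1/openssl.cnf" -x509 -days 1 -batch -nodes \
        -newkey rsa:2048 -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}

# Script usage: sh check_cert.sh <cert> <key> <ip>
if [ "$#" -eq 3 ]; then
    if cert_has_ip_san "$1" "$3" && key_matches_cert "$1" "$2"; then
        echo "OK: certificate carries IP $3 and matches the key"
    else
        echo "FAIL: missing IP SAN or key/certificate mismatch" >&2
        exit 1
    fi
fi
```

From /etc/pki/tls, run it as sh check_cert.sh certs/logstash-forwarder.crt private/logstash-forwarder.key 192.168.185.143.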

Step 3: Configure Logstash.

Create an input file under the directory /etc/logstash/conf.d/

vim logstash_input.conf

Create an output file under the directory /etc/logstash/conf.d/

vim logstash_output.conf

Create a filter file under the directory /etc/logstash/conf.d/

vim logstash_filter.conf

Now reload the systemd daemon, start the service, and enable it at boot time.

systemctl daemon-reload && systemctl start logstash && systemctl enable logstash

Step 4: Add the Logstash port to the firewall

firewall-cmd --permanent --add-port=5044/tcp

firewall-cmd --reload

Now check that the Elasticsearch, Kibana and Logstash ports are all listening.

netstat -tnlp | grep java

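Step 5: The Logstash log files are located in /var/log/logstash

You can also verify the Logstash configuration settings. The systemd unit installed by the 7.x RPM has no configtest action, so run Logstash's own configuration test instead:

/usr/share/logstash/bin/logstash --path.settings /etc/logstash --config.test_and_exit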

You’re done
