Need help in configuring the logstash on linux box

Bharath_Pusuluri · November 30, 2015, 2:44pm

our plan is to install logstash and filter the /var/log/messages based on key words and it need to log to a file and mail should be sent if any filter matches

i am not able to configure also at this moment. could any one please help

magnusbaeck · November 30, 2015, 2:46pm

Well, what have you got so far and what doesn't work? People are unlikely to step in and write all of your configuration files.

Bharath_Pusuluri · November 30, 2015, 3:24pm

i am just trying basic only but not able to do...
Create a file named "logstash-simple.conf" and save it in the same directory as Logstash.
Then, run logstash and specify the configuration file with the -f flag.

bin/logstash -f logstash-simple.conf

i am not able to see anything

bin/logstash-2.0.0-1 -f logstash-simple.conf
-bash: bin/logstash-2.0.0-1: No such file or directory

vtst2412 · November 30, 2015, 5:14pm

Your logstash binary isn't literally named "logstash-2.0.0-1", is it?
Can you post the content of logstash-simple.conf?

Bharath_Pusuluri · December 1, 2015, 1:02pm

in /bin directory i have created a folder with version of logstash-2.0.0-1 and created a .conf file with basic code as given in URL
input { stdin { } }
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

so as per document i am trying to execute the command "bin/logstash -f logstash-simple.conf"

vtst2412 · December 1, 2015, 1:36pm

Ok you need to run bin/logstash -f /path/to/logstash-simple.conf. The bin/logstash part is simply a convention or short hand for "invoke the logstash binary". If you saved the logstash directory under /bin, i suspect that your invocation should be /bin/logstash-2.0.0.1/bin/logstash -f /path/to/logstash-simple.conf. To confirm:

What is your absolute path to the logstash binary? and to logstash-simple.conf?

Bharath_Pusuluri · December 1, 2015, 1:39pm

actually there is no binary path for my logstash

after installing rpm file in linux machine, i have created the folder logstash-2.0.0-1 in /bin directory and created a .conf file with the above said code

vtst2412 · December 1, 2015, 2:25pm

If you've installed logstash via the RPM, the default path for your conf is /etc/logstash/conf.d/ . You can put any configuration file in there and run "service logstash start"

Bharath_Pusuluri · December 1, 2015, 5:29pm

Thank you vincent, now i am able to check that.

actually i am new to this can you guide me how to capture the data from /var/log/messages based on some keywords and send an email

steps:

need to read the /var/log/messages for keywords like 'restart'/'event'
capture the data from that message (above 5 lines and below 5 lines)
captured data need to be written in to log file with timestamp
that file need to be sent to mail

could you please help me how to do this basic code. I will enhance based on my requirement

vtst2412 · December 1, 2015, 6:29pm

Yep. First step starts here.