Run Daemon Logstash

hatienkma · July 26, 2016, 10:44am

The same thread name. I have problem via Logstash when starting.

I want to insert logfile (eve.json) from Suricata to Etaslicsearch. I have use Logstash to import.

When i enter command: "/opt/logstash/bin/logstash -f /etc/logstash/conf.d/suricata.conf"
It's working.

I have 2 solutions need help:

How to run command with daemon mode?
"/opt/logstash/bin/logstash -f /etc/logstash/conf.d/suricata.conf"
How to start file "/etc/logstash/conf.d/suricata.conf" when Logstash run?

Thanks.

warkolm · July 26, 2016, 10:54am

Install LS using a DEB or an RPM, that'll handle all of that for you.

hatienkma · July 26, 2016, 11:00am

This step i setup Logstash.

Setup Logstash

cd /home/

echo '[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1' | sudo tee /etc/yum.repos.d/logstash.repo

yum -y install logstash

hatienkma · July 26, 2016, 11:04am

Hi all,

I have resolve my problem.

Edit file: /etc/rc.d/init.d/logstash

--
LS_USER=root
LS_GROUP=root

Yeah :D.

Run Daemon Logstash

Setup Logstash

yum -y install logstash

-- LS_USER=root LS_GROUP=root

--
LS_USER=root
LS_GROUP=root