Silly question 102


#1

I installed an input plugin today by connecting to the internet and running

/use/share/logstash/bin/logstash-plugin install logstash-input-syslog

But cannot find a conf file to edit...

Is there one? If so where is it? Or does the plugin just tell logstash that if it sees syslog type it knows what to do?
Do I need to create a logstash-input-syslog.conf manually, and stick the port I want to listen on in it?

Am I missing a trick? I read the online stuff about working with plugins but it wasn’t clear to me whether I should be looking for a pre-existing plugin conf file to edit or not?

Sorry for the newbie ignorance but if I’m having to create a conf file and put it in conf.d myself what is the plugin giving me?

Thanks
QR


(Mark Walkom) #2

Yep.

They're no different to the ones that ship as part of the release in regards to configuration :slight_smile:


#3

Thanks... I can’t seem to find any of them in my system. I’m a bit embarrassed as everyone here chats away about editing the conf files and I can’t even find them to start.

I successfully installed the logstash-input-syslog plugin but only know this as it reported success. Can’t find it to work with it lol nor any of the defaults...

Help :slight_smile:


(Mark Walkom) #4

/etc/logstash/conf.d is the default place.
https://www.elastic.co/guide/en/logstash/current/config-setting-files.html has a bunch more on the topic :slight_smile:


#5

Thanks, that’s helpful.

So why do I bother installing the input plugin if I have to write the handier for syslog data myself?

Where would I find the files installed by the plugin? I can’t seem to find any.

If I write a really simple conf file, just a minimum effort, does logstash still know how to ingest syslog files?

Sorry... just trying to get my head around input plugins and what they actually affect in logstash.

Thanks


(Mark Walkom) #6

It's kinda similar to configuration management engines. Puppet/Ansible don't know how Elasticsearch work, but they can deploy it and then configure it in a way that you tell it.

The whole idea is that you only need to define a minimum config and the Logstash handles all the heavy lifting. You don't interact with the input files, you just tell it how it should run and it manages opening ports or connections and other things like that.


(system) #7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.