Logstash

What?

  • Logstash is a centralized data processing pipeline (collect, parse, forward). In our setup it is used as the central log endpoint: hosts send their logs to it and it parses them.

Who?

  • ITS Linux System Administration provides and operates the Logstash server logstash.linux.bfh.ch.
  • Every system administrator can send logs to this instance; ITS Linux System Administration takes care of parsing them. Please inform its-linux-sysadmin@lists.bfh.ch before you start sending, so that a parser for your log format can be set up on the Logstash side.

How?

  • Currently there are two ways to send logs to Logstash; more inputs can be added if needed.

    protocol           hostname                port
    syslog (udp/tcp)   logstash.linux.bfh.ch   514
    beats (tcp)        logstash.linux.bfh.ch   5044

    Both inputs are plain, unencrypted transports: anything you forward (including auth logs) crosses the network in cleartext. Prefer TCP over UDP for syslog; UDP gives no delivery guarantee and silently drops messages when the receiver is busy or unreachable.
  • example syslog configuration for a Linux system with rsyslog (@@ selects TCP, a single @ would select UDP; restart rsyslog afterwards)
echo "*.* @@logstash.linux.bfh.ch:514" >> /etc/rsyslog.d/logstash.conf
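The one-liner above is enough to get messages flowing, but with the default action queue rsyslog starts discarding messages once Logstash has been unreachable for a while. The following /etc/rsyslog.d/logstash.conf is an added example (not the page's or ITS's own file) that forwards the same "everything over TCP 514" in RainerScript syntax and adds a disk-assisted queue with unlimited retries, so a Logstash outage or an rsyslog restart does not lose logs. The queue name and the 1 GB disk limit are assumptions; adjust them to local disk space.

```rsyslog
# /etc/rsyslog.d/logstash.conf  (added example, not the page's own file)
# Equivalent of  *.* @@logstash.linux.bfh.ch:514  plus buffering.
#
# queue.type/queue.filename: disk-assisted in-memory queue; messages spill
#   to /var/spool/rsyslog/logstash_fwd* when Logstash is unreachable.
# queue.maxDiskSpace: assumed limit, tune to the host (hypothetical value).
# queue.saveOnShutdown: flush the in-memory part to disk on rsyslog restart.
# action.resumeRetryCount="-1": retry forever instead of dropping messages
#   after the default number of failed attempts.
*.* action(type="omfwd"
           target="logstash.linux.bfh.ch" port="514" protocol="tcp"
           queue.type="LinkedList"
           queue.filename="logstash_fwd"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
```

Validate the file with `rsyslogd -N1` before restarting the service (`systemctl restart rsyslog`), then send a marker message with `logger -t logstash-test "forwarding check"` and ask its-linux-sysadmin@lists.bfh.ch to confirm it arrived. `ss -tnp | grep :514` shows whether the TCP session to Logstash is established.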
  • winlogbeat installation and configuration for a Windows system

    Install winlogbeat as described in the Elastic documentation (installation, configuration). Then make the following changes in winlogbeat.yml:

comment out output.elasticsearch and the lines belonging to that output (hosts etc.).
uncomment output.logstash and set logstash.linux.bfh.ch:5044 as its host.

    Only one output may be active at a time; winlogbeat refuses to start if both output.elasticsearch and output.logstash are enabled.
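The relevant part of winlogbeat.yml after these two changes, as an added example (not the page's or Elastic's shipped file). The Elasticsearch output is shown commented out next to the enabled Logstash output; the event_logs list is the usual default set and is an assumption, keep whatever your installation already has.

```yaml
# winlogbeat.yml  (added example, not the page's own file)

# Which Windows event logs to ship (assumed default set; keep your own list).
winlogbeat.event_logs:
  - name: Application
  - name: System
  - name: Security

# Step 1: the default Elasticsearch output stays commented out, together
# with its hosts line. Beats allow exactly one active output.
#output.elasticsearch:
#  hosts: ["localhost:9200"]

# Step 2: enable the Logstash output and point it at the Beats input
# (TCP 5044) on the central server.
output.logstash:
  hosts: ["logstash.linux.bfh.ch:5044"]
```

From the winlogbeat installation directory, `.\winlogbeat.exe test config` checks the file for syntax and duplicate-output errors and `.\winlogbeat.exe test output` opens a connection to logstash.linux.bfh.ch:5044 and reports whether the Beats handshake succeeds, which is the quickest way to tell a YAML mistake apart from a firewall problem.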