Logstash Configuration Logstash-forwarder (formerly name: Lumberjack)

Logstash-forwarder (formerly known as Lumberjack) is a log sending end written in the Go language,

Mainly for some of the machine performance is insufficient, have the performance OCD patient prepares.

main functions :

By configuring the trust relationship, the log of the monitored machine is encrypted and sent to Logstash,

Reduce the performance of the collected log machine to consume, equivalent to the calculation of the log for a machine;

Only encrypted connections are supported;

Support to monitor multiple directories of multiple files, each monitoring group to increase the Tag property, convenient logstash subsequent sorting;

performance is quite strong;

Multiple downstream logstash, one fail/connection broken, automatic replacement;

features not supported :

Log filtering, such as filtering by a certain template to send only part of the line;

Non-encrypted connection;

configuration section :

To generate an SSL certificate:

openssl req -x509  -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out lumberjack.crt -subj /CN=logstash.example.com

Regarding the certificate part, I am not the expert, according to the PRJ official website Https://github.com/elastic/logstash-forwarder do.

The document says generating an IP-signed certificate can be very complex.

forwarder Send side :

{    "network": {        "servers": ["logstash1.abc.com:4551" ],        "SSL CA": "./ Lumberjack.crt "    },    " Files ": [        {            " paths ": ["/opt/tengine_1.5.2/logs/ Access.log "],            " fields ": {" type ":" App_abc " }        }    ]}

Start forwarder:

./logstash-forwarder-config=lf.json-conf

Logstash Configure the receive side :

Input {  Lumberjack {    = 4551    "/root/lumberjack.crt" "/root/lumberjack.key" }}output {stdout {          = = rubydebug  }}

Start the Logstash, needless to say ...

Logstash Configuration Logstash-forwarder (formerly name: Lumberjack)