Bjornt Logstash Forwarder

  • By Bjorn Tillenius
Channel Version Revision Published Runs on
latest/stable 0 0 18 Mar 2021
Ubuntu 16.04 Ubuntu 14.04
juju deploy bjornt-logstash-forwarder
Show information
You will need Juju 2.9 to be able to run this command. Learn how to upgrade to Juju 2.9.


14.04 16.04


Installs and configures logstash-forwarder Read more

Discuss this charm

Share your thoughts on this charm with the community on discourse.

Join the discussion


This charm installs and configures the logstash-forwarder package.


This is a subordinate charm, so deployment will look something like this:

juju deploy apache2
juju deploy logstash-forwarder
juju add-relation apache2 logstash-forwarder


Configuration Essentials

To make the charm useful, you will need to configure these config variables:


The name of your logstash-indexer server(s) (if the SSL certificate allows it, this can also be an IP address)


The port number used by your logstash-indexer server(s)


This should be a base64-encoded SSL certificate matching the cert/key pair on your logstash indexer(s)


The details of which log files to forward to the logstash-indexer(s). The files config variable must be valid JSON and should look something like this:

{"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}

The name (e.g. "syslog" or "apache") will be used as the logstash "type" variable.

Other Configuration Options


If you wish to install the logstash-forwarder package from an apt repository instead of using the included package, set this to an appropriate sources.list line


If you are using apt_repository you will need to add a matching GPG key here


By default, the charm stores its config files in /etc/logstash-forwarder. You can change this by setting this variable


This is the name of the logstash-forwarder package (defaults to "logstash-forwarder"). If yours is called something else, you can change it here.


This is the port your logstash-indexer listens on (defaults to 5043)


This is a base64-encoded SSL certificate. You probably won't need this.


This is the (base64-encoded) key matching ssl_cert. Again, you probably won't need this.


This sets how long the program will wait for a response from the server (in seconds) before it gives up (defaults to 15 seconds)


If you see log messages similar to "Failed to tls handshake ... because it doesn't contain any IP SANs" you are probably using an IP address in the "servers" config variable that is not valid according to the SSL certificate. The simplest option is to change to using a hostname instead.

A Note On Packages Used

The charm will install the package specified in the package_name config variable if found in the files directory. If not, it will attempt to add an apt repository using the apt_repository and apt_repository_key config variables and install from there.

There is a precompiled logstash-forwarder package in the files directory. There is also a script in scripts/ that can be used to build a newer version if needed.

Logstash-forwarder Project Information