Bjornt Logstash Forwarder

  • By Bjorn Tillenius
Channel: latest/stable
Version: 0
Revision: 0
Published: 18 Mar 2021
Runs on: Ubuntu 16.04, Ubuntu 14.04
juju deploy bjornt-logstash-forwarder
You will need Juju 2.9 to be able to run this command.


About

Installs and configures logstash-forwarder.



Overview

This charm installs and configures the logstash-forwarder package.

Usage

This is a subordinate charm, so deployment will look something like this:

juju deploy apache2
juju deploy logstash-forwarder
juju add-relation apache2 logstash-forwarder

Configuration

Configuration Essentials

To make the charm useful, you will need to configure these config variables:

servers

The name of your logstash-indexer server(s). If the SSL certificate allows it, this can also be an IP address.

server_port

The port number used by your logstash-indexer server(s).

ssl_ca_cert

This should be a base64-encoded SSL certificate matching the cert/key pair on your logstash indexer(s).

files

The details of which log files to forward to the logstash-indexer(s). The files config variable must be valid JSON and should look something like this:

{"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}

The name (e.g. "syslog" or "apache") will be used as the logstash "type" variable.

Other Configuration Options

apt_repository

If you wish to install the logstash-forwarder package from an apt repository instead of using the included package, set this to an appropriate sources.list line.

apt_repository_key

If you are using apt_repository, you will need to add a matching GPG key here.

config_dir

By default, the charm stores its config files in /etc/logstash-forwarder. You can change this by setting this variable.

package_name

This is the name of the logstash-forwarder package (defaults to "logstash-forwarder"). If yours is called something else, you can change it here.

server_port

This is the port your logstash-indexer listens on (defaults to 5043).

ssl_cert

This is a base64-encoded SSL certificate. You probably won't need this.

ssl_key

This is the (base64-encoded) key matching ssl_cert. Again, you probably won't need this.

timeout

This sets how long the program will wait for a response from the server (in seconds) before it gives up (defaults to 15 seconds).

Troubleshooting

If you see log messages similar to "Failed to tls handshake ... because it doesn't contain any IP SANs", you are probably using an IP address in the "servers" config variable that is not valid according to the SSL certificate. The simplest option is to switch to a hostname instead.
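
A pre-deployment check for the essential config values, as an added example that is not part of the charm: it flags IP addresses in servers (the cause of the IP SAN handshake error above), an ssl_ca_cert that is not base64, and a files value that is not the documented JSON shape. The name check_config, the constructed sample values, the assumption that the decoded certificate is PEM text, and the absolute-path check are assumptions of this example.

```python
import base64
import ipaddress
import json

# Constructed sample values (the PEM body is a placeholder, not a real certificate).
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_CA = base64.b64encode(SAMPLE_PEM.encode()).decode()
SAMPLE_FILES = '{"syslog": ["/var/log/syslog"], "apache": ["/var/log/apache2/*log"]}'


def check_config(servers, ssl_ca_cert, files):
    """Return a list of problems found in the charm config values (hypothetical helper)."""
    problems = []
    # servers: an IP address only verifies if the certificate carries a matching IP SAN.
    for server in servers:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            continue  # not an IP literal, so treated as a hostname
        problems.append(f"servers: {server} is an IP address; the certificate "
                        "needs a matching IP SAN, or use a hostname")
    # ssl_ca_cert: must be base64; line wrapping added by the encoder is tolerated.
    # Assumption: the decoded value is PEM text.
    try:
        decoded = base64.b64decode("".join(ssl_ca_cert.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("ssl_ca_cert: not valid base64 (raw PEM pasted?)")
    else:
        if b"-----BEGIN CERTIFICATE-----" not in decoded:
            problems.append("ssl_ca_cert: decoded value is not a PEM certificate")
    # files: JSON object mapping a logstash "type" to a list of log paths.
    try:
        parsed = json.loads(files)
    except json.JSONDecodeError as exc:
        return problems + [f"files: invalid JSON ({exc.msg})"]
    if not isinstance(parsed, dict) or not parsed:
        return problems + ["files: expected a non-empty JSON object"]
    for log_type, paths in parsed.items():
        if not isinstance(paths, list) or not paths:
            problems.append(f"files: {log_type!r} needs a non-empty list of paths")
        # Assumption: paths are absolute, as in the example on this page.
        elif not all(isinstance(p, str) and p.startswith("/") for p in paths):
            problems.append(f"files: {log_type!r} has a non-string or relative path")
    return problems


if __name__ == "__main__":
    print(check_config(["logstash.example.com"], SAMPLE_CA, SAMPLE_FILES))
```

An empty list means the values are consistent with what this page documents; it does not confirm that the certificate actually matches the indexer.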

A Note On Packages Used

The charm will install the package specified in the package_name config variable if found in the files directory. If not, it will attempt to add an apt repository using the apt_repository and apt_repository_key config variables and install from there.

There is a precompiled logstash-forwarder package in the files directory. There is also a script in scripts/build.sh that can be used to build a newer version if needed.

Logstash-forwarder Project Information