A. Install Logstash Forwarder Package
echo 'deb http://packages.elasticsearch.org/logstashforwarder/debian stable main' | sudo tee /etc/apt/sources.list.d/logstashforwarder.list
wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get update
sudo apt-get install logstash-forwarder
B. Change config
sudo vi /etc/logstash-forwarder.conf
{
  "network": {
    "servers": [ "logstash_server_private_IP:5000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  },
  "files": [
    {
      "paths": [ "/var/log/syslog", "/var/log/auth.log" ],
      "fields": { "type": "syslog" }
    }
  ]
}
C. First get the file (logstash-forwarder.crt) from the Logstash server
sudo mkdir -p /etc/pki/tls/certs
and copy logstash-forwarder.crt into /etc/pki/tls/certs/
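A pre-flight check for the configuration above, as an added example that is not part of the original post: it parses the JSON, checks that each server is host:port, and confirms that the "ssl ca" file the forwarder trusts is readable, looks like a PEM certificate, and cannot be overwritten by other local users. The function names and the permission rule are assumptions of this example.

```python
import json
import os
import stat

# Constructed sample: the config from this page, placeholder server kept.
SAMPLE = """{ "network": { "servers": [ "logstash_server_private_IP:5000" ],
  "timeout": 15, "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt" },
  "files": [ { "paths": [ "/var/log/syslog", "/var/log/auth.log" ],
               "fields": { "type": "syslog" } } ] }"""

def check_ca_file(path):
    # The "ssl ca" file is what the forwarder trusts to authenticate the server.
    try:
        mode = os.stat(path).st_mode
        with open(path, "rb") as fh:
            pem = fh.read()
    except OSError as exc:
        return ["cannot read ssl ca %s: %s" % (path, exc.strerror)]
    problems = []
    if b"-----BEGIN CERTIFICATE-----" not in pem:  # marker check only
        problems.append("ssl ca %s is not a PEM certificate" % path)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):  # others could swap the trust anchor
        problems.append("ssl ca %s is group/world-writable" % path)
    return problems

def check_config(text, check_files=True):
    """Return a list of problems found in a logstash-forwarder.conf string."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    cfg = cfg if isinstance(cfg, dict) else {}
    net = cfg.get("network") if isinstance(cfg.get("network"), dict) else {}
    problems = []
    servers = net.get("servers") or []
    if not servers:
        problems.append("network.servers is empty")
    for server in servers:
        host, _, port = str(server).rpartition(":")
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            problems.append("server %r is not host:port" % server)
    ca = net.get("ssl ca")
    if not ca:
        problems.append('network."ssl ca" is not set')
    elif check_files:
        problems.extend(check_ca_file(ca))
    if not any(isinstance(f, dict) and f.get("paths") for f in cfg.get("files") or []):
        problems.append("no files.paths to ship")
    return problems
```

Run it on the client as check_config(open("/etc/logstash-forwarder.conf").read()) after copying the certificate; an empty list means the checks passed.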