Thursday, January 30, 2014

How to Install and Configure LogStash



Reference Guides
·         http://www.linuxfunda.com/2013/09/27/log-management-using-logstash-and-kibina-on-centos-rhel-ubuntu/
I used these two
·         http://blog.basefarm.com/blog/how-to-install-logstash-with-kibana-interface-on-rhel/
·         http://www.slashroot.in/logstash-tutorial-linux-central-logging-server
Install ElasticSearch and configure
1.       Install JAVA
a.       # yum install java-1.7.0-openjdk.x86_64
2.       Install elasticsearch
a.       Go to http://www.elasticsearch.org/download/
b.      Copy URL for latest TAR.GZ file
c.       # cd  /software
d.      # wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.9.tar.gz
3.       Unzip file into /software
a.       # tar xvfz elasticsearch-0.90.9.tar.gz –D /software
4.       Create symbolic link and change perms
a.       # ln -s /software/elasticsearch-0.90.9 /software/elasticsearch
b.      # chmod 755 elasticsearch
5.       Install service wrapper
a.       # curl -L http://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master | tar -xz
b.      # mv *servicewrapper*/service /software/elasticsearch/bin
c.       /software/elasticsearch/bin/service/elasticsearch install
                                                               i.      # ./elasticsearch install
Detected RHEL or Fedora:
Installing the ElasticSearch daemon..
You have mail in /var/spool/mail/root
6.       Add service to chkconfig and start
a.       # service elasticsearch start
b.      # chkconfig elasticsearch on
Install Redis and add to start
7.       # Add EPEL and install
a.       # rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
b.      # yum –y install redis
c.       # chkconfig   redis on && service chkconfig start
Configure LogStash
1.       # wget –P /software https://download.elasticsearch.org/logstash/logstash/logstash-1.3.2-flatjar.jar
2.       # ln -s /software/logstash/logstash-1.3.2-flatjar.jar /software/logstash/logstash.jar
Create Config Files for LogStash
1.       # vi /etc/indexer.conf and add the following:
input {
    redis {
        host => "127.0.0.1"
        port => 6379
        type => "redis-input"
        data_type => "list"
        key => "logstash"
        format => "json_event"
    }
}
output {
    stdout { debug => true debug_format => "json"}
    elasticsearch {
        host => "127.0.0.1"
    }
}
2.       Create /etc/shipper.conf file
a.      
3.       Start the Indexer and Shipper
a.       # java -jar /software/logstash/logstash.jar agent -f /etc/indexer.conf &
b.      # java -jar /software/logstash/logstash.jar agent -f /etc/shipper.conf &
Install and Configure Kibana and Ruby

1.       Install ruby which is required by Kibana
a.       # yum install ruby ruby-devel ruby-ri ruby-rdoc –y
2.       Install rubygems (get tarball for latest, don’t use yum)
a.        # wget http://production.cf.rubygems.org/rubygems/rubygems-2.1.11.tgz -P /software

3.       Unzip tarball in /software
a.       # tar xvfz rubygems-2.1.11.tgz
4.       Install Ruby
a.       # ruby rubygems-2.1.11/setup.rb
5.       Unzip Kibana and Configure
a.       # cd /software
b.      Yum install git gcc and gcc-c++
c.       git clone --branch=kibana-ruby https://github.com/rashidkpc/Kibana.git
d.      cd Kibana
e.      # gem install bundler
6.       Start up Kibana?
a.       # bundle exec ruby kibana.rb
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)