logstash forwarder #6
Description
This charm installs and configures logstash-forwarder, a lightweight alternative to logstash-agent.
- Tags:
- miscellaneous ›
Overview
This charm installs and configures the logstash-forwarder package.
Usage
This is a subordinate charm, so deployment will look something like this:
juju deploy apache2
juju deploy logstash-forwarder
juju add-relation apache2 logstash-forwarder
Configuration
Configuration Essentials
To make the charm useful, you will need to configure these config variables:
servers
The name of your logstash-indexer server(s) (if the SSL certificate allows it, this can also be an IP address)
server_port
The port number used by your logstash-indexer server(s)
ssl_ca_cert
This should be a base64-encoded SSL certificate matching the cert/key pair on your logstash indexer(s)
files
The details of which log files to forward to the logstash-indexer(s). The files config variable must be valid JSON and should look something like this:
{"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}
The name (e.g. "syslog" or "apache") will be used as the logstash "type" variable.
Other Configuration Options
apt_repository
If you wish to install the logstash-forwarder package from an apt repository instead of using the included package, set this to an appropriate sources.list line
apt_repository_key
If you are using apt_repository you will need to add a matching GPG key here
config_dir
By default, the charm stores its config files in /etc/logstash-forwarder. You can change this by setting this variable
package_name
This is the name of the logstash-forwarder package (defaults to "logstash-forwarder"). If yours is called something else, you can change it here.
server_port
This is the port your logstash-indexer listens on (defaults to 5043)
ssl_cert
This is a base64-encoded SSL certificate. You probably won't need this.
ssl_key
This is the (base64-encoded) key matching ssl_cert. Again, you probably won't need this.
timeout
This sets how long the program will wait for a response from the server (in seconds) before it gives up (defaults to 15 seconds)
Troubleshooting
If you see log messages similar to "Failed to tls handshake ... because it doesn't contain any IP SANs" you are probably using an IP address in the "servers" config variable that is not valid according to the SSL certificate. The simplest option is to change to using a hostname instead.
A Note On Packages Used
The charm will install the package specified in the package_name config variable if found in the files directory. If not, it will attempt to add an apt repository using the apt_repository and apt_repository_key config variables and install from there.
There is a precompiled logstash-forwarder package in the files directory. There is also a script in scripts/build.sh that can be used to build a newer version if needed.
Logstash-forwarder Project Information
Configuration
- application_name
- (string) Operating name of the charm
- logstash-forwarder
- apt_repository
- (string) An apt sources.list line for a repository containing the logstash-forwarder package
- apt_repository_key
- (string) GPG key for apt_repository
- config_dir
- (string) Where to store logstash-forwarder config files
- /etc/logstash-forwarder
- files
- (string) A JSON-format hash, describing what paths to watch and their field type e.g. {"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}
- package_name
- (string) Filename of logstash-forwarder deb package. If this matches the name of a file in the files charm directory the package will be installed from there, otherwise it will try to install it from the repository provided by apt_repository.
- logstash-forwarder_0.3.1.1_amd64.deb
- server_port
- (int) Logstash-indexer server port
- 5043
- servers
- (string) Space seperated list of logstash-indexer servers
- ssl_ca_cert
- (string) Base64-encoded SSL CA certificate
- ssl_cert
- (string) Base64-encoded SSL certificate
- ssl_key
- (string) Base64-encoded SSL key
- timeout
- (int) Network timeout in seconds
- 15