Provides centralized logging infrastructure inside a project including remote rsyslog and ELK (Elasticsearch, Logstash, Kibana).
Please refer to the Logging chapter for configuration examples and hints on using the ELK stack.
rsyslog (srv interface, port UDP 514)
Elasticsearch (srv interface, ports TCP 9200 and 9300)
syslog input (localhost, ports UDP 5000 and TCP 5000)
Lumberjack input (srv interface, port TCP 5043)
Elasticsearch, Logstash and Kibana are installed on the loghost.
Logstash creates Elasticsearch indices of the pattern logstash-YYYY.MM.DD.
elasticsearch-curator deletes indices older than 90 days.
logstash-forwarder ships locally generated logs from all machines to the loghost.
rsyslog forwards all syslog entries to the loghost.
Below is a list of your configuration entry points for the involved components.
All configuration needs to be performed as a service user.
rsyslog: sudo /etc/init.d/rsyslog restart for restarts after configuration changes
rsyslog ignores invalid configuration statements, so be sure to check /var/log/messages for errors after a restart.
logstash-forwarder: sudo /etc/init.d/logstash-forwarder restart for restarts after configuration changes
Logstash: sudo /etc/init.d/logstash restart for restarts after configuration changes
Kibana: refer to our Logging section for how to interact with Kibana
We monitor for:
correctly written log files
correctly pruned Elasticsearch indices
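A sketch of a check for the pruning rule described above (indices named logstash-YYYY.MM.DD, deleted after 90 days). This is an added example, not the platform's own monitoring code. The function names, the grace_days parameter and the sample index list are assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

RETENTION_DAYS = 90  # retention stated on this page
INDEX_RE = re.compile(r"^logstash-(\d{4})\.(\d{2})\.(\d{2})$")


def index_date(name):
    """Return the date encoded in a logstash-YYYY.MM.DD index name, else None."""
    m = INDEX_RE.match(name)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # digits present but not a calendar date
        return None


def check_pruning(index_names, today, grace_days=1):
    """Classify index names against the retention rule.

    grace_days is an assumption: it tolerates the gap between an index
    crossing the age limit and the next curator run.
    """
    cutoff = today - timedelta(days=RETENTION_DAYS + grace_days)
    stale, unparsed, dated = [], [], []
    for name in index_names:
        d = index_date(name)
        if d is None:
            if name.startswith("logstash-"):
                unparsed.append(name)  # looks like a Logstash index, bad date
            continue  # any other index is outside the retention rule
        dated.append(d)
        if d < cutoff:
            stale.append(name)  # should already have been deleted
    # No index for today means Logstash is not writing new entries.
    return {"stale": sorted(stale), "unparsed": unparsed,
            "writing": today in dated}


if __name__ == "__main__":
    # Constructed sample; in practice the names come from the Elasticsearch
    # index listing on the loghost (TCP 9200).
    sample = ["logstash-2024.06.01", "logstash-2024.02.01", ".kibana",
              "logstash-2024.13.40"]
    print(check_pruning(sample, today=date(2024, 6, 1)))
```

A non-empty stale list means pruning has stopped, and writing being false means no index exists for the current day.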