Sometimes twitter can be useful.
Yesterday I asked how people forward their linux logs to the logstash/elasticsearch server. And got this as one of the replies.
Thanks Dan Barua and James Nugent.
I’ve been setting up an ELK (Elastisearch, Logstash and Kibana) stack since last week and having heaps of fun doing so.
You can go to this post for the configuration post but first go download the package you need for your server and install it. If like me you have installed the deb package you will notice that heka starts running immediately.
ALl you have to do now is update the \etc\heka\conf.d\00-hekad.toml file with the configuration in the previous link. Don’t forget to change the url to your elasticsearch server.
Also don’t forget to give read access to the syslog file and the auth.log file.
sudo chmod 666 /var/log/syslog sudo chmod 666 /var/log/auth.log
For instance 444 might probably be enough but who knows.
You can then check the heka log in /var/log/hekad.log
And then you restart the service/daemon
sudo /etc/init.d/heka restart
Or you can reboot the server if you’re a windows admin.
The logs will be in the logstash-* index.