Cookin’ up some logs!

A community-driven documentation project. Fork and contribute!

rsyslog

Is the logstash agent too big for your edge nodes? Learn how to use rsyslog to ship logs to logstash.

logging from cron

Got cron jobs? Learn about how to take the output from those jobs and ship them into logstash.

running with upstart

Want to run logstash as a system service? This cookbook entry will show you how to run logstash from the upstart system daemon (comes with Ubuntu).

running with init

Run logstash as a service on your RHEL based system using this init script.

parsing syslog

Parse syslog messages!

apache json logs

Make apache output json for access logs for easy import into logstash.

log shippers

Learn about available tools for shipping logs to logstash in situations where you can’t fit the logstash agent.

debug configs

Learn how to debug wrong configs or specific filters.

windows service

Run logstash as a windows service

version updater

Keep your logstash up to date with this script.

slurp down central rsyslog server?

Already have a centralized rsyslog server, agent and indexer config to eat your logs.

removing Linux color codes from logs

Remove the color codes from Linux logs

Config snippets

Config snippets collected and provided by users

Puppet modules

Different puppet modules for Logstash and other software

Chef cookbooks

Chef cookbooks for quickly setting up Logstash and friends

StatsD metrics

StatsD plugin metrics explanation

Logging from python

Have a python app ? This small cookbook will help getting it ready to spit out logstash compatible log files

Logging from NodeJS

Have a NodeJS app? Get your logs into logstash efficiently with this cookbook.

Cisco ASA

Sample configuration for parsing syslog messages from a Cisco ASA firewall

The Logstash Book

An introductory Logstash book.

Contribute!

This cookbook is for and by the logstash community. You can help! Click the ‘edit this page’ link on any page to make edits (requires a github account). You can also edit content by forking the git repo.

Can’t write? File issues asking for fixes or new content!

Getting Help

If you aren’t finding answers here, you might consider asking for help in the logstash IRC channel (#logstash on the freenode IRC network) or on the mailing list.