forked from geerlingguy/ansible-role-logstash
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
0 parents
commit ff69928
Showing 12 changed files with 195 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
language: python | ||
python: "2.7" | ||
|
||
env: | ||
- SITE=test.yml | ||
|
||
before_install: | ||
- sudo apt-get update -qq | ||
- sudo apt-get install curl | ||
|
||
install: | ||
# Install Ansible. | ||
- pip install ansible | ||
|
||
# Add ansible.cfg to pick up roles path. | ||
- "printf '[defaults]\nroles_path = ../' > ansible.cfg" | ||
|
||
# Install required dependencies. | ||
- ansible-galaxy install geerlingguy.elasticsearch | ||
|
||
script: | ||
# Check the role/playbook's syntax. | ||
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" | ||
|
||
# Run the role/playbook with ansible-playbook. | ||
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" | ||
|
||
# Run the role/playbook again, checking to make sure it's idempotent. | ||
- > | ||
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | ||
| grep -q 'changed=0.*failed=0' | ||
&& (echo 'Idempotence test: pass' && exit 0) | ||
|| (echo 'Idempotence test: fail' && exit 1) | ||
# TODO: Test if logstash is working correctly. |
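Review bot: In `install:`, `pip install ansible` and `ansible-galaxy install geerlingguy.elasticsearch` are both unpinned, so each build runs whatever version happens to be published and a result cannot be reproduced later. Pin an explicit Ansible version and a version-qualified role. In the idempotence step, `grep -q` swallows the second run's output, so a failure reports only `Idempotence test: fail`; passing the run through `tee` to a file before grepping would keep the diagnostics.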
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# Ansible Role: Logstash | ||
|
||
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-logstash.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-logstash) | ||
|
||
An Ansible Role that installs Logstash on Debian/Ubuntu. | ||
|
||
**Note**: This role is under active development and is not considered stable quite yet. I am working on making sure it runs across a wider variety of platforms, and also will work with different kinds of workflows you may have. Please file issues on GitHub if you find a problem! | ||
|
||
**Security Note**: Until this role reaches a stable release, please consider it insecure, and do not use it on any production systems. Things like SSL and certificates are not being used for message authentication at this time! | ||
|
||
## Requirements | ||
|
||
Though other methods are possible, this role is made to work with Elasticsearch as a backend for storing log messages. | ||
|
||
## Role Variables | ||
|
||
Available variables are listed below, along with default values (see `defaults/main.yml`): | ||
|
||
logstash_listen_port_tcp: 5000 | ||
logstash_listen_port_udp: 5000 | ||
|
||
The TCP and UDP ports over which logstash will listen for syslog messages. | ||
|
||
logstash_elasticsearch_host: localhost | ||
|
||
The host on which Elasticsearch resides. | ||
|
||
## Dependencies | ||
|
||
- geerlingguy.elasticsearch | ||
|
||
## Example Playbook | ||
|
||
- hosts: search | ||
roles: | ||
- { role: geerlingguy.elasticsearch } | ||
- { role: geerlingguy.logstash } | ||
|
||
## License | ||
|
||
MIT / BSD | ||
|
||
## Author Information | ||
|
||
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). |
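Review bot: The Security Note says SSL and certificates are not used, but the Role Variables text for `logstash_listen_port_tcp` and `logstash_listen_port_udp` does not say who can reach those ports. Add a sentence there stating that the listeners accept unauthenticated plaintext syslog and should be limited to trusted senders with a firewall. The Dependencies section should also say that `geerlingguy.elasticsearch` is installed on the same host as Logstash.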
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
--- | ||
logstash_listen_port_tcp: 5000 | ||
logstash_listen_port_udp: 5000 | ||
logstash_elasticsearch_host: localhost |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
- name: restart logstash | ||
service: name=logstash state=restarted |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
dependencies: | ||
- { role: geerlingguy.elasticsearch } | ||
|
||
galaxy_info: | ||
author: geerlingguy | ||
description: Logstash for Debian/Ubuntu. | ||
company: "Midwestern Mac, LLC" | ||
license: "license (BSD, MIT)" | ||
min_ansible_version: 1.4 | ||
platforms: | ||
# - name: EL | ||
# versions: | ||
# - all | ||
- name: Debian | ||
versions: | ||
- all | ||
- name: Ubuntu | ||
versions: | ||
- all | ||
categories: | ||
- web | ||
- system | ||
- monitoring |
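Review bot: Listing `geerlingguy.elasticsearch` under `dependencies` installs Elasticsearch on every host that receives this role, even when `logstash_elasticsearch_host` points at another machine. Consider dropping the hard dependency and leaving the pairing to the playbook, as the README's example playbook already lists both roles. Separately, `license: "license (BSD, MIT)"` still contains the placeholder word `license`; make it match the README's `MIT / BSD`.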
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
- name: Add Elasticsearch apt key. | ||
apt_key: | ||
url: http://packages.elasticsearch.org/GPG-KEY-elasticsearch | ||
state: present | ||
|
||
- name: Add Logstash repository. | ||
apt_repository: | ||
repo: 'deb http://packages.elasticsearch.org/logstash/1.4/debian stable main' | ||
state: present | ||
|
||
- name: Check if Logstash is already installed. | ||
stat: path=/etc/init.d/logstash | ||
register: logstash_installed | ||
|
||
- name: Update apt cache if repository just added. | ||
apt: update_cache=yes | ||
when: logstash_installed.stat.exists == false | ||
|
||
- name: Install Logstash. | ||
apt: pkg=logstash state=present | ||
|
||
# TODO: Fix this so it's idempotent. | ||
- name: Add Logstash user to adm group (Debian). | ||
user: | ||
name: logstash | ||
groups: "logstash,adm" | ||
when: ansible_os_family == "Debian" | ||
notify: restart logstash | ||
|
||
- name: Create Logstash configuration files. | ||
template: | ||
src: "templates/{{ item }}.j2" | ||
dest: "/etc/logstash/conf.d/{{ item }}" | ||
owner: root | ||
group: root | ||
mode: 644 | ||
with_items: | ||
- 01-lumberjack-input.conf | ||
- 02-local-syslog-input.conf | ||
- 10-syslog.conf | ||
- 30-lumberjack-output.conf | ||
notify: restart logstash |
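Review bot: The `apt_key` task downloads the signing key from `http://packages.elasticsearch.org/GPG-KEY-elasticsearch` over plain HTTP, and the `apt_repository` line is HTTP as well, so anyone on the network path can substitute the key and then serve packages signed with it. Fetch the key over HTTPS where the host offers it and pin the expected key with the module's `id` parameter. In the template task, `mode: 644` is read by YAML as the decimal integer 644 rather than an octal mode; write `mode: 0644` or `mode: "0644"`.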
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
input { | ||
tcp { | ||
port => {{ logstash_listen_port_tcp }} | ||
type => syslog | ||
} | ||
udp { | ||
port => {{ logstash_listen_port_udp }} | ||
type => syslog | ||
} | ||
} |
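Review bot: Neither the `tcp` nor the `udp` block sets `host`, so both listeners fall back to Logstash's default bind address of `0.0.0.0` and accept syslog from any network the machine is attached to, with no TLS or sender check. Add a bind-address variable (a suggested name would be `logstash_listen_host`, defaulting to `127.0.0.1`) and render it as a quoted `host` setting in both blocks, so that exposing the port is an explicit choice.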
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
input { | ||
file { | ||
path => "/var/log/syslog" | ||
} | ||
} |
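Review bot: The `file` input sets no `type`, so events read from `/var/log/syslog` never satisfy `if [type] == "syslog"` in the filter template and reach Elasticsearch unparsed. Add `type => "syslog"` inside the `file` block.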
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
filter { | ||
if [type] == "syslog" { | ||
grok { | ||
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } | ||
add_field => [ "received_at", "%{@timestamp}" ] | ||
add_field => [ "received_from", "%{host}" ] | ||
} | ||
syslog_pri { } | ||
date { | ||
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] | ||
} | ||
} | ||
} |
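Review bot: `syslog_pri { }` has nothing to decode, because the grok pattern captures no `syslog_pri` field, so the filter can only apply its default priority to every event. Either add an optional capture such as `(?:<%{POSINT:syslog_pri}>)?` at the front of the pattern or drop the `syslog_pri` filter. Note also that `syslog_hostname` is taken from the message body, which on the unauthenticated TCP and UDP inputs is whatever the sender chose to write; `received_from` is the field to trust for the source.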
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
output { | ||
elasticsearch { | ||
host => {{ logstash_elasticsearch_host }} | ||
} | ||
} |
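Review bot: `host => {{ logstash_elasticsearch_host }}` renders the value unquoted, which works for the default `localhost` but produces a config Logstash cannot parse once the variable holds an IP address or a dotted or hyphenated hostname. Quote it: `host => "{{ logstash_elasticsearch_host }}"`.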
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
localhost |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
- hosts: localhost | ||
remote_user: root | ||
roles: | ||
- geerlingguy.elasticsearch | ||
- ansible-role-logstash |