Deploy your own instance of Logstash on Dokku!
This setup is intended to be used with a syslog container log aggregator
such as LogSpout.
To visualise the logs, you can go with the full ELK stack by running Kibana side-by-side.
This project makes use of the official (legacy) Logstash Docker image.
For compatibility reasons with dokku-elasticsearch, deployed versions are:
- ElasticSearch: 2.4.6
- Logstash: 2.4.1
Be sure to properly setup a Dokku instance.
The following Dokku plugins need to be installed:
- Create the
logstashapp:
dokku apps:create logstash
- Create the
elasticsearchservice:
export ELASTICSEARCH_IMAGE="elasticsearch"
export ELASTICSEARCH_IMAGE_VERSION="2.4.6"
dokku elasticsearch:create logstash
dokku elasticsearch:link logstash logstash
- Fix app proxy ports:
dokku checks:disable logstash
dokku proxy:disable logstash
dokku docker-options:add logstash deploy,run "--publish 1234:5000"
- Clone this repository:
git clone https://github.com/rclement/dokku-logstash.git
- Setup Dokku git remote (with your defined domain):
git remote add dokku dokku@example.com:logstash
- Push
logstash:
git push dokku master
logstash should be reachable at: syslog+tcp://example.com:1234
This most certainly due to a mismatch between the syslog input format and
the format expected by Logstash grok filter defined in logstash-syslog.conf.
If using dokku-logspout, a
simple fix is to specify the syslog rfc3164 format, by adding the following
line to /home/dokku/.logspout/ENV
SYSLOG_FORMAT=rfc3164