Docker image for Logstash Forwarder, formerly known as lumberjack.
Switch branches/tags
Nothing to show
Clone or download
willdurand Merge pull request #2 from stlorenz/master
Correct Link fpr lc-tls cert
Latest commit 6034486 Mar 1, 2016
Permalink
Failed to load latest commit information.
Dockerfile Initial commit Dec 13, 2014
README.md Correct Link Feb 27, 2016

README.md

Docker Logstash Forwarder

Docker image for Logstash Forwarder, formerly known as lumberjack.

Prerequisites

In order to use this image, you MUST create an SSL certificate, and configure Logstash Forwarder using a config.json file. This configuration file MUST be named config.json and MUST be located in /etc/logstash-forwarder.

SSL Certificate

If you want to generate self-signed SSL certificates and use an IP address rather than a DNS record to point to your logstash server(s), then you SHOULD use this lc-tlscert tool:

$ wget https://raw.githubusercontent.com/driskell/log-courier/master/src/lc-tlscert/lc-tlscert.go
$ go run lc-tlscert.go

Copy the generated selfsigned.{crt,key} files to the logstash-forwarder server and to the logstash server.

Logstash Forwarder Configuration

Below is a basic configuration for Logstash Forwarder:

{
    "network": {
        "servers": [ "logstash.example.org:5043" ],
        "ssl certificate": "/etc/ssl/selfsigned.crt",
        "ssl key": "/etc/ssl/selfsigned.key",
        "ssl ca": "/etc/ssl/selfsigned.crt"
    },
    "files": [
        {
            "paths":  [ "/var/log/nginx/access.log" ],
            "fields": { "type": "nginx-access" }
        }
    ]
}

Usage

Let's say your selfsigned.{crt,key} files are located in /path/to/your/ssl/files, and your config.json file is in /path/to/your/config/file.

You can start forwarding nginx logs to your logstash server by running the following command:

$ docker run \
    --volume /path/to/your/ssl/files:/etc/ssl \
    --volume /path/to/your/config/file:/etc/logstash-forwarder \
    --volume /var/log/nginx:/var/log/nginx \
    willdurand/logstash-forwarder

However, this solution is not satisfying as you have to mount a host directory as a volume. A better approach would be to use a data-only container with a /var/log/nginx volume:

$ docker run \
    --volume /path/to/your/ssl/files:/etc/ssl \
    --volume /path/to/your/config/file:/etc/logstash-forwarder \
    --volume-from logs \
    willdurand/logstash-forwarder

Using Docker Compose

logstashforwarder:
  image: willdurand/logstash-forwarder
  volumes:
    - /path/to/your/ssl/files:/etc/ssl
    - /path/to/your/config/file:/etc/logstash-forwarder
  volumes_from:
    - logs

logs:
  image: busybox
  volumes:
    - /var/log/nginx

Extend It

One of the Docker best practices is to avoid mapping a host folder to a container volume. Instead of specifying a volume, it is recommended to use this image as base image and configure your own image.