Skip to content
This repository has been archived by the owner on Nov 15, 2021. It is now read-only.

willdurand/docker-logstash-forwarder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 

Repository files navigation

Docker Logstash Forwarder

Docker image for Logstash Forwarder, formerly known as lumberjack.

Prerequisites

In order to use this image, you MUST create an SSL certificate, and configure Logstash Forwarder using a config.json file. This configuration file MUST be named config.json and MUST be located in /etc/logstash-forwarder.

SSL Certificate

If you want to generate self-signed SSL certificates and use an IP address rather than a DNS record to point to your logstash server(s), then you SHOULD use this lc-tlscert tool:

$ wget https://raw.githubusercontent.com/driskell/log-courier/master/src/lc-tlscert/lc-tlscert.go
$ go run lc-tlscert.go

Copy the generated selfsigned.{crt,key} files to the logstash-forwarder server and to the logstash server.

Logstash Forwarder Configuration

Below is a basic configuration for Logstash Forwarder:

{
    "network": {
        "servers": [ "logstash.example.org:5043" ],
        "ssl certificate": "/etc/ssl/selfsigned.crt",
        "ssl key": "/etc/ssl/selfsigned.key",
        "ssl ca": "/etc/ssl/selfsigned.crt"
    },
    "files": [
        {
            "paths":  [ "/var/log/nginx/access.log" ],
            "fields": { "type": "nginx-access" }
        }
    ]
}

Usage

Let's say your selfsigned.{crt,key} files are located in /path/to/your/ssl/files, and your config.json file is in /path/to/your/config/file.

You can start forwarding nginx logs to your logstash server by running the following command:

$ docker run \
    --volume /path/to/your/ssl/files:/etc/ssl \
    --volume /path/to/your/config/file:/etc/logstash-forwarder \
    --volume /var/log/nginx:/var/log/nginx \
    willdurand/logstash-forwarder

However, this solution is not satisfying as you have to mount a host directory as a volume. A better approach would be to use a data-only container with a /var/log/nginx volume:

$ docker run \
    --volume /path/to/your/ssl/files:/etc/ssl \
    --volume /path/to/your/config/file:/etc/logstash-forwarder \
    --volume-from logs \
    willdurand/logstash-forwarder

Using Docker Compose

logstashforwarder:
  image: willdurand/logstash-forwarder
  volumes:
    - /path/to/your/ssl/files:/etc/ssl
    - /path/to/your/config/file:/etc/logstash-forwarder
  volumes_from:
    - logs

logs:
  image: busybox
  volumes:
    - /var/log/nginx

Extend It

One of the Docker best practices is to avoid mapping a host folder to a container volume. Instead of specifying a volume, it is recommended to use this image as base image and configure your own image.

About

Docker image for Logstash Forwarder, formerly known as lumberjack.

registry.hub.docker.com/u/willdurand/logstash-forwarder

Resources

Readme
Activity

Stars

25 stars

Watchers

5 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •