Logstash is an open source data collection engine. It is designed to ingest data, usually logs, parse, enrich or filter it, and then forward it to a permanent back-end store such as Elasticsearch.
Make sure that all of the latest patches are installed:

sudo apt update
sudo apt dist-upgrade
sudo reboot
Configure the firewall. Port 5044/tcp is the Beats input; the rule below opens it to every source, so on anything but an isolated network prefer ufw's "allow from" form and limit it to the hosts or subnet that actually run Beats:

sudo ufw allow ssh
sudo ufw allow 5044/tcp
sudo ufw enable
Install Java (Logstash 7.x runs on Java 8 or 11; the OpenJDK runtime shipped with your Ubuntu release is sufficient).
Add the Elasticsearch signing key and repository. apt-key is deprecated and trusts the key for every repository on the system; keep the key in its own keyring and bind it to this repository with signed-by, so it can only vouch for packages from artifacts.elastic.co:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install -y logstash
If you are using Elasticsearch as the back-end storage, create the following pipeline configuration. Write it straight into /etc/logstash/conf.d/ rather than staging it in the world-writable /tmp and copying it afterwards. Note that, as written, this pipeline accepts Beats traffic in the clear and ships to Elasticsearch over plain HTTP with no credentials; that is acceptable only on a trusted network, and the TLS and authentication options of the beats input and elasticsearch output should be set anywhere else:

sudo tee /etc/logstash/conf.d/beats.conf << EOF
input {
  beats {
    port => "5044"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.0.20:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}
EOF
Then enable and start the service. If it fails to come up, the reason is in /var/log/logstash/logstash-plain.log; a syntax error in conf.d is the usual cause.

sudo systemctl enable logstash
sudo systemctl start logstash
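The pipeline above works, but both hops are unauthenticated and unencrypted. The following is an added, hardened version of the same beats.conf; it is not the page's original file and the certificate paths under /etc/logstash/certs/, the Elasticsearch user logstash_writer, and the keystore entry ES_PW are assumptions you must adapt. The beats input gets a server certificate, and the elasticsearch output verifies the cluster's CA and authenticates with a least-privilege user whose password is never written into the file:

```conf
# /etc/logstash/conf.d/beats.conf  (hardened; added example, not the original)
# Assumed: certs under /etc/logstash/certs/, an Elasticsearch user named
# logstash_writer, and a Logstash keystore entry named ES_PW.
input {
  beats {
    port => 5044
    # Encrypt the Beats -> Logstash hop. Each shipper must point
    # output.logstash.ssl.certificate_authorities at the CA that signed this cert.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    # The beats input requires the private key in PKCS#8 format.
    ssl_key => "/etc/logstash/certs/logstash.pkcs8.key"
    # Optional mutual TLS: uncomment to require a client certificate from every shipper,
    # which stops an arbitrary host on the network from injecting fake log events.
    # ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    # ssl_verify_mode => "force_peer"
  }
}

output {
  elasticsearch {
    # https:// instead of a bare host:port, and cacert pins the cluster CA so a
    # rogue node cannot impersonate 192.168.0.20.
    hosts => ["https://192.168.0.20:9200"]
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"
    # Least privilege (assumed role): a dedicated user holding only write and
    # create_index on the beat indices, not the elastic superuser.
    user => "logstash_writer"
    # ${ES_PW} is resolved from the Logstash keystore at startup, so the secret
    # lives neither in this file nor in the process environment of a shell history.
    password => "${ES_PW}"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}
```

Store the password with the keystore tool before starting the service, running it as the logstash user so the keystore and data directory do not end up owned by root: `sudo -u logstash /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create`, then the same command with `add ES_PW`. Validate the pipeline without starting it using `sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t` (the `--config.test_and_exit` flag); only after it reports the configuration as valid should you enable and start the service as shown above.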