There is a point to this story, but it has temporarily escaped my mind...
Logstash is an open source data collection engine. It's designed to ingest data, usually logs. It can enhance or filter the data, and then forward it to a permanent back-end storage facility.
Make sure that all of the latest patches are installed.
sudo apt update sudo apt dist-upgrade sudo reboot
Configure Firewall:
sudo ufw allow ssh sudo ufw allow 5044/tcp sudo ufw enable
Install Install Java
Add the Elastic Search Key and Software:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - cat > /tmp/elastic-7.x.list << EOF deb https://artifacts.elastic.co/packages/7.x/apt stable main EOF sudo mv /tmp/elastic-7.x.list /etc/apt/sources.list.d/ sudo apt update sudo apt install -y logstash
If you are using ElasticSearch as the back-end storage, create the following configuration file:
cat > /tmp/beats.conf << EOF input { beats { port => "5044" } } output { elasticsearch { hosts => ["192.168.0.20:9200"] manage_template => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" } } EOF sudo cp /tmp/beats.conf /etc/logstash/conf.d/
Then enable and start the service:
sudo systemctl enable logstash sudo service logstash start
