nishiki/ansible-role-logstash
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity Actions
No description
7 commits 2 branches 2 tags 74 KiB
Python 79.3%
Jinja 20.7%
Find a file
Adrien Waksberg 47bdc407b9 feat: add logstash patterns for grok
2021-08-24 16:55:01 +02:00
defaults feat: add logstash patterns for grok 2021-08-24 16:55:01 +02:00
handlers first version 2019-09-10 08:57:26 +02:00
meta first version 2019-09-10 08:57:26 +02:00
tasks feat: add logstash patterns for grok 2021-08-24 16:55:01 +02:00
templates fix: change logstash_inputs variable: dict to array 2019-09-30 15:30:12 +02:00
test/integration fix: change logstash_inputs variable: dict to array 2019-09-30 15:30:12 +02:00
.gitignore first version 2019-09-10 08:57:26 +02:00
.kitchen.yml first version 2019-09-10 08:57:26 +02:00
.yamllint first version 2019-09-10 08:57:26 +02:00
CHANGELOG.md feat: add logstash patterns for grok 2021-08-24 16:55:01 +02:00
Gemfile first version 2019-09-10 08:57:26 +02:00
Gemfile.lock first version 2019-09-10 08:57:26 +02:00
LICENSE first version 2019-09-10 08:57:26 +02:00
README.md feat: add logstash patterns for grok 2021-08-24 16:55:01 +02:00

README.md

Ansible role: Logstash

Version License

Install and configure logstash

Requirements

  • Ansible >= 2.7
  • Debian Stretch and Buster

Role variables

  • logstash_major_version set major version to install- (default: 7)
  • logstash_plugins - array with the plugins to install
  - name: logstash-output-influxdb
    state: present

  path.data: /var/lib/logstash
  path.logs: /var/log/logstash
  • logstash_inputs - hash with the inputs configurations
  file:
    path: /var/log/syslog
  beats:
    port: 5444
  • logstash_outputs - array with the outputs configuration
  - >
    file {
      path => "/var/log/syslog"
      codec => "json"
    }
  • logstash_filters - array with the filters configuration
  - >
    grok {
      match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
    }
  • logstash_pattern hash with grok patterns
  postfix: |
    # Syslog stuff
    PROCESS ([\w._\/%-]+)
    COMPID postfix\/%{PROCESS:process}(?:\[%{NUMBER:pid}\])?
    POSTFIX (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{COMPID}:

How to use

- hosts: server
  roles:
    - logstash

Development

Test syntax with yamllint

  • install python and python-pip
  • install yamllint pip install yamllint
  • run yamllint .

Test syntax with ansible-lint

  • install python and python-pip
  • install yamllint pip install ansible-lint
  • run ansible-lint .

Tests with docker

  • install docker
  • install ruby
  • install bundler gem install bundler
  • install dependencies bundle install
  • run the tests kitchen test

License

Copyright (c) 2019 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.