nishiki/ansible-role-logstash
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity Actions
No description
10 commits 2 branches 2 tags 74 KiB
Python 79.3%
Jinja 20.7%
Find a file
Adrien Waksberg ed742ccae3 release: version 1.1.0
2021-08-24 17:03:28 +02:00
defaults feat: add logstash patterns for grok 2021-08-24 16:55:01 +02:00
handlers chore: use FQCN for module name 2021-08-24 17:02:37 +02:00
meta test: replace kitchen to molecule 2021-08-24 16:58:34 +02:00
molecule/default test: replace kitchen to molecule 2021-08-24 16:58:34 +02:00
tasks chore: use FQCN for module name 2021-08-24 17:02:37 +02:00
templates fix: change logstash_inputs variable: dict to array 2019-09-30 15:30:12 +02:00
.gitignore test: replace kitchen to molecule 2021-08-24 16:58:34 +02:00
.yamllint test: replace kitchen to molecule 2021-08-24 16:58:34 +02:00
CHANGELOG.md release: version 1.1.0 2021-08-24 17:03:28 +02:00
LICENSE first version 2019-09-10 08:57:26 +02:00
README.md release: version 1.1.0 2021-08-24 17:03:28 +02:00

README.md

Ansible role: Logstash

Version License

Install and configure logstash

Requirements

  • Ansible >= 2.9
  • Debian
    • Buster
    • Bullseye

Role variables

  • logstash_major_version set major version to install- (default: 7)
  • logstash_plugins - array with the plugins to install
  - name: logstash-output-influxdb
    state: present

  path.data: /var/lib/logstash
  path.logs: /var/log/logstash
  • logstash_inputs - hash with the inputs configurations
  file:
    path: /var/log/syslog
  beats:
    port: 5444
  • logstash_outputs - array with the outputs configuration
  - >
    file {
      path => "/var/log/syslog"
      codec => "json"
    }
  • logstash_filters - array with the filters configuration
  - >
    grok {
      match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
    }
  • logstash_pattern hash with grok patterns
  postfix: |
    # Syslog stuff
    PROCESS ([\w._\/%-]+)
    COMPID postfix\/%{PROCESS:process}(?:\[%{NUMBER:pid}\])?
    POSTFIX (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{COMPID}:

How to use

- hosts: server
  roles:
    - logstash

Development

Test with molecule and docker

  • install docker
  • install python3 and python3-pip
  • install molecule and dependencies pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint
  • run molecule test

License

Copyright (c) 2019 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.