I was spending some time refining my complex Logstash configuration driven by Chef; I quickly began to realize how hard it could be to make it dynamic. As I have been using Docker for hosting Uptime. I decided to look upon this as an opportunity and built 3 Docker images to host my Logstash setup.
My Goal here is to provide a simple Logstash container that can receive Syslog traffic over port 514 (UDP or TCP) and Redis for everything else.
- Requirements:
- Working Docker Installation
-
Building your Logstash Image:
- Pull down damm/logstash
As this image uses ONBUILD triggers we need to make our image locally
- Create a
Dockerfilein a directory called logstash Its contents should beFROM damm/logstash- Make a directory called
patternsit can be empty or you can add your custom patterns in that directory. - Create
logstash.conf.inyou can use my example. Feel free to customize this or change this file as you see fit.This is how you can personalize your Logstash container.
- Make a directory called
-
Download
crane.jsoninto the logstash directory.curl -O https://raw.githubusercontent.com/damm/docker-logstash/master/crane.json- Use Crane to build your image
crane provision -t logstash
- Use Crane to build your image
-
Running It: We use Crane so we are not required to remember long command lines.
crane lift -t redis
crane lift -t elasticsearch
crane lift -t logstash
-
Feeding It:
-
Port 514 (UDP and TCP) type is
syslogThis allows you to easily configure network devices or syslog to send to Logstash.
- Port 6379 (Redis)
logstash:logstashBeaver is great for sending your logs to Redis.