{"id":13655038,"url":"https://github.com/geerlingguy/ansible-role-logstash","last_synced_at":"2025-04-05T08:08:09.651Z","repository":{"id":19971464,"uuid":"23238490","full_name":"geerlingguy/ansible-role-logstash","owner":"geerlingguy","description":"Ansible Role - Logstash","archived":false,"fork":false,"pushed_at":"2024-07-16T19:22:30.000Z","size":82,"stargazers_count":180,"open_issues_count":0,"forks_count":216,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-10-10T04:06:31.121Z","etag":null,"topics":["ansible","elk","java","logging","logstash","role"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/geerlingguy/logstash/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geerlingguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"geerlingguy","patreon":"geerlingguy"}},"created_at":"2014-08-22T20:14:03.000Z","updated_at":"2024-09-23T14:58:01.000Z","dependencies_parsed_at":"2024-01-14T16:11:08.040Z","dependency_job_id":"dbeae9d0-5dff-49c6-95d3-556691325996","html_url":"https://github.com/geerlingguy/ansible-role-logstash","commit_stats":null,"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geerlingguy%2Fansible-role-logstash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geerlingguy%2Fansible-role-logstash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geerlingguy%2Fansible-role-logstash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geerlingguy%2Fansible-role-logstash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geerlingguy","download_url":"https://codeload.github.com/geerlingguy/ansible-role-logstash/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305934,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","elk","java","logging","logstash","role"],"created_at":"2024-08-02T03:00:55.141Z","updated_at":"2025-04-05T08:08:09.629Z","avatar_url":"https://github.com/geerlingguy.png","language":"Jinja","funding_links":["https://github.com/sponsors/geerlingguy","https://patreon.com/geerlingguy"],"categories":["role","Security"],"sub_categories":["Logging and Monitoring"],"readme":"# Ansible Role: Logstash\n\n[![CI](https://github.com/geerlingguy/ansible-role-logstash/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-logstash/actions/workflows/ci.yml)\n\nAn Ansible Role that installs Logstash on RedHat/CentOS Debian/Ubuntu.\n\nNote that this role installs a syslog grok pattern by default; if you want to add more filters, please add them inside the `/etc/logstash/conf.d/` directory. As an example, you could create a file named `13-myapp.conf` with the appropriate grok filter and restart logstash to start using it. Test your grok regex using the [Grok Debugger](http://grokdebug.herokuapp.com/).\n\n## Requirements\n\nThough other methods are possible, this role is made to work with Elasticsearch as a backend for storing log messages.\n\n## Role Variables\n\nAvailable variables are listed below, along with default values (see `defaults/main.yml`):\n\n    logstash_version: '7.x'\n\nThe major version of Logstash to install.\n\n    logstash_package: logstash\n\nThe specific package to be installed. You can specify a version of the package using the correct syntax for your platform and package manager by changing the package name.\n\n    logstash_listen_port_beats: 5044\n\nThe port over which Logstash will listen for beats.\n\n    logstash_elasticsearch_hosts:\n      - http://localhost:9200\n\nThe hosts where Logstash should ship logs to Elasticsearch.\n\n    logstash_dir: /usr/share/logstash\n\nThe directory inside which Logstash is installed.\n\n    logstash_ssl_dir: /etc/pki/logstash\n    logstash_ssl_certificate_file: logstash-forwarder-example.crt\n    logstash_ssl_key_file: logstash-forwarder-example.key\n\nLocal paths to the SSL certificate and key files, which will be copied into the `logstash_ssl_dir`.\n\nSee [Generating a self-signed certificate](#generating-a-self-signed-certificate) for information about generating and using self-signed certs with Logstash and Filebeat.\n\n    logstash_local_syslog_path: /var/log/syslog\n    logstash_monitor_local_syslog: true\n\nWhether configuration for local syslog file (defined as `logstash_local_syslog_path`) should be added to logstash. Set this to `false` if you are monitoring the local syslog differently, or if you don't care about the local syslog file. Other local logs can be added by your own configuration files placed inside `/etc/logstash/conf.d`.\n\n    logstash_enabled_on_boot: true\n\nSet this to `false` if you don't want logstash to run on system startup.\n\n    logstash_install_plugins:\n      - logstash-input-beats\n      - logstash-filter-multiline\n\nA list of Logstash plugins that should be installed.\n\n    logstash_setup_default_config: true\n\nSet this to `false` if you don't want to add the default config files shipped with this role (inside the `files/filters` directory). You can add your own configuration files inside `/etc/logstash/conf.d`.\n\n## Generating a Self-signed certificate\n\nFor utmost security, you should use your own valid certificate and keyfile, and update the `logstash_ssl_*` variables in your playbook to use your certificate.\n\nTo generate a self-signed certificate/key pair, you can use use the command:\n\n    $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout logstash.key -out logstash.crt -subj '/CN=example.com'\n\nNote that Filebeat and Logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. See: https://github.com/elastic/logstash/issues/4926#issuecomment-203936891\n\nNewer versions of Filebeat and Logstash also require a pkcs8-formatted private key, which can be generated by converting the key generated earlier, e.g.:\n\n    openssl pkcs8 -in logstash.key -topk8 -nocrypt -out logstash.p8\n\n## Other Notes\n\nIf you are seeing high CPU usage from one of the `logstash` processes, and you're using Logstash along with another application running on port 80 on a platform like Ubuntu with upstart, the `logstash-web` process may be stuck in a loop trying to start on port 80, failing, and trying to start again, due to the `restart` flag being present in `/etc/init/logstash-web.conf`. To avoid this problem, either change that line to add a `limit` to the respawn statement, or set the `logstash-web` service to `enabled=no` in your playbook, e.g.:\n\n    - name: Ensure logstash-web process is stopped and disabled.\n      service: name=logstash-web state=stopped enabled=no\n\n## Example Playbook\n\n    - hosts: search\n    \n      pre_tasks:\n        - name: Use Java 8 on Debian/Ubuntu.\n          set_fact:\n            java_packages:\n              - openjdk-8-jdk\n          when: ansible_os_family == 'Debian'\n    \n      roles:\n        - geerlingguy.java\n        - geerlingguy.elasticsearch\n        - geerlingguy.logstash\n\n## License\n\nMIT / BSD\n\n## Author Information\n\nThis role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeerlingguy%2Fansible-role-logstash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeerlingguy%2Fansible-role-logstash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeerlingguy%2Fansible-role-logstash/lists"}