This project uses Anthony Lapenna’s Docker Compose repository for ELK as its base. The operator container was built by @cyberbutler as well as the Logstash pipeline.
You can read the full article on how this repository works here.
docker-compose up --build -dLaunch a bash shell in the operator container:
docker exec -it bash-logging-elk_operator_1 bashIf you would rather deploy the bash logging configuration to existing or new infrastructure as opposed to manually replicating the configuration I've described in the bash-operator container, you can use the ansible playbook included in this repository.
cd ansible/
cp inventory.yml.example inventory.yml
# Modify inventory.yml
ansible-playbook playbooks/configure_bash_logging.ymlAll commands are logged to /var/log/bash.log using rsyslog. filebeat pushes those logs to the logstash container over TCP 5044. By default you can login to Kibana at http://localhost:5601 with the credentials elastic:changme.
To log the output of your commands you can either feed STDOUT to STDIN by piping your commands to logoutput or by using logoutput directly against a file:
STD Redirection:
echo "This will be logged!" | logoutputFile Read:
logoutput ./test.txt