Skip to content
/ centralized-logging Public

Ansible Playbook for automate the setup and configuration of a centralized Rsyslog server with Logstash, Elasticsearch, Redis and Kibana.

License

View license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

errazudin/centralized-logging

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
roles
roles
 
 
vars
vars
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
central-logs.yml
central-logs.yml
 
 
hosts
hosts
 
 

Repository files navigation

Ansible Playbook for automate the setup and configuration of a centralized Rsyslog server with Logstash, Elasticsearch, Redis and Kibana.

Platform: Tested on Debian 7 x64 - i386

Disclaimer: do not run this Playbook on a live production system!! Use a dedicated instances instead.

Prerequisites: At least 1GB Ram required. 2GB is better

Logging Logic: Clients => Rsyslog Tcp 514 => logstash2redis => Redis => redis2elasticsearch => Elasticsearch => Kibana

Picture

Preparation

  1. Setup your target host in hosts

  2. Customize Logstash filters (if needed) in roles/logstash/templates/filters_log2redis.conf.j2

  3. Add your custom domain in /etc/hosts on your local box. Example: 11.11.11.11 logger

Variables

usname : username of the Apache user

domain : domain name of Apache vhost. Example: logger

pass : password for Apache auth

myip: ip address of the client authorized to connect at http://$domain/kibana-3.0.0milestone4/

Use

ansible-playbook central-logs.yml --extra-vars="usname= domain= pass= myip="

or you may want to setup individual roles step by step:

ansible-playbook central-logs.yml -t rsyslog-server

ansible-playbook central-logs.yml -t redis

ansible-playbook central-logs.yml -t elasticsearch

ansible-playbook central-logs.yml -t logstash

ansible-playbook central-logs.yml -t supervisord

ansible-playbook central-logs.yml --extra-vars="usname= domain= pass=" -t apache-kibana

ansible-playbook central-logs.yml --extra-vars="myip=" -t shorewall

Et voila, your centralized logging server is up and running!

Browse http://$domain/kibana-3.0.0milestone4/ and happy logging!

Picture Image credit: elasticsearch.org

At this point you can authorize some clients in roles/shorewall/templates/rules.j2 and reload Shorewall.

This is what the Playbook do:

  1. Setup and configure Rsyslog to listen on tcp 514

  2. Setup and configure Redis

  3. Setup and configure two Logstash instances (managed by Supervisord)

  4. Setup and configure Elasticsearch with a simple Logstash mapping. Install Open-Jdk

  5. Setup and configure Supervisord to manage Logstash instances

  6. Setup and configure Apache and Kibana 3 with simple HTTP authentication

  7. Setup and configure Shorewall (optional but recommended)

This playbook run in 6m circa.

TODO

Add support for Statsd and Librato

Add support for CentOS

Rsyslog-server role can be extended with TLS support. See http://www.rsyslog.com/doc/rsyslog_tls.html

PS

At some point in future you will need to update Elasticsearch and Logstash version in vars/default.yml

If you like this project feel free to report a bug or contribute with a pull requests!

Links

Ansible

Logstash

Elasticsearch

Kibana

Redis

Supervisord

Ansible Fan Community

About

Ansible Playbook for automate the setup and configuration of a centralized Rsyslog server with Logstash, Elasticsearch, Redis and Kibana.

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published