Logentries Docs

Find comprehensive guides and documentation to help you start and continue to work with Logentries.

    

Search results for "{{ search.query }}"

No results found for "{{search.query}}". 
View All Results

Logentries’ Logstash plugin allows you to use Logstash along with a Logentries token-based log to send your Logstash output and event data directly to the Logentries service.

Setting Up Logstash Token-based Logging with Logentries

You are required to have Logstash installed, the Logstash-Output-Logentries Ruby Gem installed and a Logentries Account. You can create a free Logentries account here.

  1. Be sure you have Logstash installed. Installation instructions can be found here:

  2. Install rvm.

  3. Run ‘rvm install jruby-1.7.19’ and finally Run ‘rvm use jruby’

  4. Download the Ruby Gem for Logstash Logentries Token-based logging:
    This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program

  5. In order to forward logs from Logstash to your Logentries account you need to create a configuration file in your main /etc/logstash/conf.d folder. In this example we will call our configuration file “connection.conf”.
    Each plugin has different settings for configuring it. There are 3 main sections in every configuration file: inputs, filters, outputs.
    The input is your path of the file you to have Logstash handle. The filter is what you can do with the log event sent to Logstash’s input. The output is where the Logstash output is to go; by default this is stdout, but the Logstash-output-Logentries plugin allows this output to go to your Logentries token-based log.

#Configuration file 
input{
   file{
      path => "/var/log/syslog"
      start_position => beginning
   }
}
filter{
   mutate{
      add_field => ["timestamp", "%{@timestamp}"]
   }
}
output {
  logentries{
    token => "LOGENTRIES_TOKEN"
    reconnect_interval => 10
    ssl_enable => true
    host => "data.logentries.com"
    port => 443
  }
}
  1. In the output section of your configuration file, enter your Log’s specific Logentries’ Log Token inside the double quotation marks.
    This section takes advantage of the plugin and configures Logstash to forward all logs from access.log locally stored in your machine to Logentries account using unique token.

Using Logstash Logentries Token-based Plugin

After all of the elements are set up, you simply need to run Logstash calling your specific “connection.conf” file. In this example, the log events from the /var/log/access.log file will be sent to Logentries via Logstash’s output to your specific Logentries’ Token-based log.

$LS_HOME/bin/logstash -f /etc/logstash/conf.d/connection.conf --path.settings=/etc/logstash

Please refer to Logstash version specific documentation on their website for additional details on configuration and binary locations.

Logstash