Public Repository

Last pushed: 3 years ago
Short Description
Ready to Run Logstash with Redis shipper
Full Description

Docker Logstash

Ready-to-run Logstash with a Redis shipper, configured with grok filters for Linux and Cisco. Persistent storage for Elasticsearch is optional.

How to run

With persisted storage for Elasticsearch

    docker run --rm -v /tmp/elasticsearch:/var/lib/elasticsearch -p 2222:22 -p 9200:9200 -p 9300:9300 -p 9292:9292 -p 514:514 -p 514:514/udp logstash /sbin/my_init &

Without persisted storage

    docker run --rm -p 2222:22 -p 9200:9200 -p 9300:9300 -p 9292:9292 -p 514:514 -p 514:514/udp logstash /sbin/my_init &


  • Connect with a web browser to http://$dockerhost:9292; please allow a moment for startup.
  • Connect to http://$dockerhost:9200/_plugin/head/ for the Elasticsearch “head” plugin
  • Connect to http://$dockerhost:9200/_plugin/paramedic/ for the Elasticsearch “paramedic” plugin
  • Point any syslog device at port 514 (TCP or UDP) to send syslog messages

Enjoy the magic


    # Use phusion/baseimage as base image. To make your builds
    # reproducible, make sure you lock down to a specific version, not
    # to `latest`! See
    # for a list of version numbers.
    FROM phusion/baseimage:0.9.14

    # Versions
    ENV     LOGSTASH_VERSION logstash-1.4.2

    # Set correct environment variables.
    ENV     HOME /root
    ENV     ROOTPASSWORD yoleaux
    ENV     LANG en_US.UTF-8
    ENV     LC_ALL en_US.UTF-8
    ENV     DEBIAN_FRONTEND noninteractive

    # set sane locale
    RUN     locale-gen en_US.UTF-8

    # Use baseimage-docker's init system.
    CMD     ["/sbin/my_init"]

    # Regenerate SSH host keys. baseimage-docker does not contain any, so you
    # have to do that yourself. You may also comment out this instruction; the
    # init system will auto-generate one during boot.
    # RUN /etc/my_init.d/

    # prep apt-get
    RUN     echo "force-unsafe-io" > /etc/dpkg/dpkg.cfg.d/02apt-speedup
    RUN     echo "Acquire::http {No-Cache=True;};" > /etc/apt/apt.conf.d/no-cache
    RUN     sed 's/main$/main universe/' -i /etc/apt/sources.list
    RUN     echo "root:$ROOTPASSWORD" | chpasswd

    # Preparations
    RUN        apt-get -y update \
            && apt-get -y install software-properties-common python-software-properties \
            && add-apt-repository -y ppa:chris-lea/redis-server \
            && apt-get -y update \
            && apt-get -y upgrade \
            && apt-get -y install openjdk-7-jre-headless redis-server wget tcpdump

    # elasticsearch
    RUN        wget -q -O /tmp/elasticsearch.deb $ELASTICSEARCH_URL \
            && dpkg -i /tmp/elasticsearch.deb \
            && /usr/share/elasticsearch/bin/plugin -install karmi/elasticsearch-paramedic \
            && /usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head \
            && echo " logstash" >> /etc/elasticsearch/elasticsearch.yml

    # logstash
    RUN        wget -q -O /tmp/logstash.tar.gz $LOGSTASH_URL \
            && mkdir /apps \
            && cd /apps \
            && tar zxf /tmp/logstash.tar.gz \
            && ln -s $LOGSTASH_VERSION logstash

    # filesystem
    RUN        mkdir /etc/service/redis-server \
            && mkdir /etc/service/elasticsearch \
            && mkdir /etc/service/logstash-shipper \
            && mkdir /etc/service/logstash-indexer \
            && mkdir /etc/service/logstash-web \
            && mkdir /etc/logstash

    # run files
    ADD /etc/service/redis-server/run
    ADD /etc/service/elasticsearch/run
    ADD /etc/service/logstash-shipper/run
    ADD /etc/service/logstash-indexer/run
    ADD /etc/service/logstash-web/run

    # config
    ADD     shipper.conf /etc/logstash/shipper.conf
    ADD     indexer.conf /etc/logstash/indexer.conf
    ADD     redis.conf /etc/redis/redis.conf

    # Clean up APT when done.
    RUN     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
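
The Dockerfile above sets the root password through `ENV ROOTPASSWORD` and applies it with `chpasswd`, so the value is stored in the image and is identical in every container, while the run commands publish SSH on port 2222. The following shell check is an added example, not part of this repository: it flags that pattern in any Dockerfile. The function names `audit_dockerfile` and `sample_dockerfile` and the embedded sample input are constructed for illustration.

```shell
# Added example: audit_dockerfile and sample_dockerfile are hypothetical names.
# Reads a Dockerfile (file argument or stdin) and prints one finding per line:
#   ENV-SECRET:<line>:<name>       ENV variable whose name looks like a credential
#   PASSWD-FROM-ENV:<line>:<name>  RUN step that feeds that variable to passwd/chpasswd
audit_dockerfile() {
    awk '
    {
        if (!cont) { buf = ""; start = NR }     # start of a new instruction
        line = $0
        cont = (line ~ /\\[ \t]*$/)             # trailing backslash: continues
        sub(/\\[ \t]*$/, "", line)
        buf = buf " " line
        if (cont) next
        sub(/^[ \t]+/, "", buf)
        if (buf == "" || buf ~ /^#/) next       # skip blanks and comments
        n = split(buf, w, /[ \t]+/)
        instr = toupper(w[1])
        if (instr == "ENV") {
            # "ENV NAME value" names one variable; "ENV A=1 B=2" may name several.
            last = (w[2] ~ /=/) ? n : 2
            for (i = 2; i <= last; i++) {
                name = w[i]; sub(/=.*/, "", name)
                if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) continue
                if (toupper(name) ~ /PASS|SECRET|TOKEN|CREDENTIAL/) {
                    secret[name] = 1
                    print "ENV-SECRET:" start ":" name
                }
            }
        }
        if (instr == "RUN" && buf ~ /passwd/)
            for (name in secret)
                if (index(buf, "$" name) || index(buf, "${" name "}"))
                    print "PASSWD-FROM-ENV:" start ":" name
    }' "$@"
}

# Constructed sample: an excerpt of the Dockerfile shown above.
sample_dockerfile() {
    cat <<'EOF'
FROM phusion/baseimage:0.9.14
ENV     HOME /root
ENV     ROOTPASSWORD yoleaux
ENV     LANG en_US.UTF-8
RUN     echo "root:$ROOTPASSWORD" | chpasswd
RUN        apt-get -y update \
        && apt-get -y install redis-server
EOF
}
sample_dockerfile | audit_dockerfile
```

Values set with `ENV` remain readable through `docker inspect` and `docker history`, so supplying the password when the container starts, or using SSH keys instead, keeps it out of the image.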