itzg/logstash
Logstash with the ability to groom its own Elasticsearch indices.
This image bundles the latest (1.5.x) version of Logstash with the ability to groom its own Elasticsearch indices.
To start a Logstash container, set up a directory on your host with one or more Logstash pipeline configuration files, called $HOST_CONF here, and run

    docker run -d -v $HOST_CONF:/conf itzg/logstash

Logstash is much more useful when it is actually processing...logs. Logs inside the container are non-existent, but you can attach the host machine's /var/log directory via the container's /logs volume:

    docker run ... -v /var/log:/logs ...

Keep in mind you will need to configure file inputs with a base path of /logs, such as

    file {
      path => ['/logs/syslog']
      type => 'syslog'
    }

To allow for incoming collectd content, UDP port 25826 is exposed and can be mapped onto the host using:

    docker run ... -p 25826:25826/udp

Regardless of the host port, be sure to configure the Logstash input to bind at port 25826, such as

    udp {
      port => 25826
      codec => collectd { }
      buffer_size => 1452
    }
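
The three options above combined into one invocation, as an added example that is not part of the image's own documentation. The `run_logstash` function, the `DOCKER` override, the read-only (`:ro`) mounts and the loopback default for the collectd port are assumptions of this example; the image is not documented here as supporting a read-only /conf.

```shell
#!/bin/sh
# Added example (not from the itzg/logstash project): start the container with
# the config mount, the host log mount and the collectd UDP port in one call.

# run_logstash CONF_DIR [BIND_ADDR]
#   CONF_DIR  - host directory holding the pipeline configs ($HOST_CONF above)
#   BIND_ADDR - host address for UDP 25826; defaults to loopback so the
#               collectd listener is not published on every host interface.
# Set DOCKER=echo to print the command instead of running it.
run_logstash() {
    conf_dir=$1
    bind_addr=${2:-127.0.0.1}

    # Docker treats a -v source without a leading slash as a named volume,
    # so a relative $HOST_CONF would silently mount an empty /conf.
    case $conf_dir in
        /*) ;;
        *)  echo "HOST_CONF must be an absolute path: '$conf_dir'" >&2
            return 1 ;;
    esac
    if [ ! -d "$conf_dir" ]; then
        echo "HOST_CONF is not a directory: $conf_dir" >&2
        return 1
    fi

    # :ro keeps the container from modifying the host's pipeline files or
    # the host's /var/log; the file inputs only need to read from /logs.
    ${DOCKER:-docker} run -d \
        -v "$conf_dir:/conf:ro" \
        -v /var/log:/logs:ro \
        -p "$bind_addr:25826:25826/udp" \
        itzg/logstash
}

# Usage: run_logstash "$HOST_CONF"            # collectd on this host only
#        run_logstash "$HOST_CONF" 10.0.0.5   # constructed sample address
```

Pass the address of the interface your collectd senders actually reach as the second argument when they run on other hosts.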