Public | Automated Build

Last pushed: 6 days ago
Short Description
Sematext Logagent in a docker container
Full Description



- read more

What is Logagent

Logagent is a modern, open-source, light-weight log shipper. It is like Filebeat and Logstash in one, without the JVM memory footprint. It comes with out of the box and extensible log parsing, on-disk buffering, secure transport, and bulk indexing to Elasticsearch, Logsene, and other destinations. Its low memory footprint and low CPU overhead makes it suitable for deploying on edge nodes and devices, while its ability to parse and structure logs makes it a great Logstash alternative.

Docker

The docker container can be configured through the following environment variables:

  • LOG_URL: The URL of your Elasticsearch Endpoint (defaults to https://logsene-receiver.sematext.com)
             For Sematext Europe use https://logsene-receiver.eu.sematext.com. For Elasticsearch https://elasticserch-server-name:9200.
    
  • LOG_INDEX: The index where the agent should log to (for sematext users the logs token)
  • LOG_GLOB: Semicolon-separated list of file globs (e.g. /var/log/*/.log;/my/app/logs/*.log)
  • LA_ARGUMENTS: Additional command line arguments for Logagent _(e.g. LA_ARGUMENTS="-n httpd" to specify a log source name or LAARGUMENTS="-u 514" to act as syslog server)

Run a container:
The following example enables UDP syslog receiver and ships all log files from /var/log to Sematext Cloud (US).
Simply mount the log file directory into Logagent container and provide a glob pattern to match the log files to watch.

docker run -d --name logagent \
-v /var/log:/mylogs
-p 1514:514/udp \
-e LOG_URL=https://logsene-receiver.sematext.com \
-e LOG_INDEX=YOUR_LOGSENE_TOKEN_HERE \
-e LOG_GLOB="/mylogs/**/.log" \
-e LA_ARGUMENTS="-u 514" \
sematext/logagent

Installation

1) Install Node.js

Official Node.js downloads and instructions. E.g. for Debian/Ubuntu:

curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs
Install Logagent with npm
sudo npm i -g @sematext/logagent

2) Run logagent command line tool

logagent --help

3) Example: Index your log files in Elasticsearch

logagent -e http://localhost:9200 -i logs -g ‘/var/log/**/*.log’

4) Optional: Install service & config

Install service for Logagent using systemd, upstart, launchd
To quickly create a config file for indexing into Elasticsearch without having to edit it run something like this:

sudo logagent-setup -u http://localhost:9200 -i INDEX_NAME -g '/var/log/**/*.log'
# Logsene US: use -u https://logsene-receiver.sematext.com and your Logsene App Token as index name.
# Logsene EU: use -u https://logsene-receiver.eu.sematext.com and your Logsene App Token as index name.

Configuration

To configure different inputs, different event processing, or different outputs (e.g. your own Elasticsearch) edit /etc/sematext/logagent.conf, e.g.:

output:
  logsene:
    module: elasticsearch
    url: http://elasticsearch-server:9200
    index: logs

Then restart the service with sudo service logagent restart.
Troubleshooting & Logs
Logagent’s own logs:

  • Upstart: /var/log/upstart/logagent.log
  • Systemd: journalctl -u logagent
  • Launchd: /Library/Logs/logagent.log

Location of service scripts:

  • Upstart: /etc/init/logagent.conf
  • Systemd: /etc/systemd/system/logagent.service
  • Launchd: /Library/LaunchDaemons/com.sematext.logagent.plist

Start/stop service:

  • Upstart: service logagent stop/start
  • Systemd: systemctl stop/start logagent
  • Launchd: launchctl start/stop com.sematext.logagent

Documentation & Support

Development

  • Update to the last node version
  • From root folder node type: node ./bin/logagent -h
  • To test from root folder type: node test
Docker Pull Command
Owner
sematext
Source Repository