Public | Automated Build

Last pushed: 2 years ago
Short Description
logstash forwarder with journald input and elasticsearch output
Full Description

logstash-journald

Example Dockerfile for Logstash, with journald input. Docker image hosted at
state/logstash-journald.

This uses the official Logstash
repo
as its base. Currently it
comes with version 1.5.2. It then installs the
logstash-input-journald
plugin.

Note that the logstash process runs as root, so it can access the journal.

Usage

Please follow the Logstash
instructions
. You'll need to mount
the /var/log/journal directory as a read-only volume:

docker run \
  --rm \
  -v /var/log/journal:/var/log/journal:ro \
  state/logstash-journald:1.5.2 \
  logstash -e 'input { journald { } } output { stdout { codec => rubydebug } }'

See
logstash-input-journald
for input configuration. Note that the Docker image already sets SINCEDB_DIR
to /var/lib/logstash-journald. You can mount a host directory as this volume
in order to preserve the journal offset between restarts.

Building

Use make gem to create a gem for the
logstash-input-journald
plugin. make build can create the Docker image, tagged with the Logstash
version and a commit ref. make tags then tags this image with just the
Logstash version. make push will push to
state/logstash-journald.

Docker Pull Command
Owner
thingswise
Source Repository

Comments (0)