logstash forwarder #6

Description

This charm installs and configures logstash-forwarder, a lightweight
alternative to logstash-agent.


Overview

This charm installs and configures the logstash-forwarder package.

Usage

This is a subordinate charm, so deployment will look something like this:

juju deploy apache2
juju deploy logstash-forwarder
juju add-relation apache2 logstash-forwarder

Configuration

Configuration Essentials

To make the charm useful, you will need to configure these config
variables:

servers

The name of your logstash-indexer server(s) (if the SSL certificate
allows it, this can also be an IP address)

server_port

The port number used by your logstash-indexer server(s)

ssl_ca_cert

This should be a base64-encoded SSL certificate matching the
cert/key pair on your logstash indexer(s)

files

The details of which log files to forward to the logstash-indexer(s).
The files config variable must be valid JSON and should look
something like this:

{"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}

The name (e.g. "syslog" or "apache") will be used as the logstash
"type" variable.

Other Configuration Options

apt_repository

If you wish to install the logstash-forwarder package from an apt
repository instead of using the included package, set this to an
appropriate sources.list line

apt_repository_key

If you are using apt_repository you will need to add a matching
GPG key here

config_dir

By default, the charm stores its config files in /etc/logstash-forwarder.
You can change this by setting this variable

package_name

This is the name of the logstash-forwarder package (defaults to
"logstash-forwarder"). If yours is called something else, you can
change it here.

server_port

This is the port your logstash-indexer listens on (defaults to 5043)

ssl_cert

This is a base64-encoded SSL certificate. You probably won't need this.

ssl_key

This is the (base64-encoded) key matching ssl_cert. Again, you
probably won't need this.

timeout

This sets how long the program will wait for a response from the
server (in seconds) before it gives up (defaults to 15 seconds)

Troubleshooting

If you see log messages similar to "Failed to tls handshake ...
because it doesn't contain any IP SANs" you are probably using
an IP address in the "servers" config variable that is not valid
according to the SSL certificate. The simplest option is to change
to using a hostname instead.

A Note On Packages Used

The charm will install the package specified in the package_name config
variable if found in the files directory. If not, it will attempt to
add an apt repository using the apt_repository and apt_repository_key
config variables and install from there.

There is a precompiled logstash-forwarder package in the files directory.
There is also a script in scripts/build.sh that can be used to
build a newer version if needed.

Logstash-forwarder Project Information

Configuration

files
(string) A JSON-format hash, describing what paths to watch and their field type e.g. {"syslog": ["/var/log/syslog", "/var/log/*.log"], "apache": ["/var/log/apache2/*log"]}
ssl_ca_cert
(string) Base64-encoded SSL CA certificate
ssl_cert
(string) Base64-encoded SSL certificate
timeout
(int) Network timeout in seconds
15
package_name
(string) Filename of logstash-forwarder deb package. If this matches the name of a file in the files charm directory the package will be installed from there, otherwise it will try to install it from the repository provided by apt_repository.
logstash-forwarder_0.3.1.1_amd64.deb
ssl_key
(string) Base64-encoded SSL key
apt_repository
(string) An apt sources.list line for a repository containing the logstash-forwarder package
servers
(string) Space seperated list of logstash-indexer servers
apt_repository_key
(string) GPG key for apt_repository
server_port
(int) Logstash-indexer server port
5043
application_name
(string) Operating name of the charm
logstash-forwarder
config_dir
(string) Where to store logstash-forwarder config files
/etc/logstash-forwarder