mysql -u root -p -e "show status like 'wsrep%'"
mysql -u root -p -e "show status like 'wsrep_local_state_comment%'"
mysql -u root -p -e "show status like 'wsrep_local_state_comment%'"
Wednesday, April 13, 2016
Tuesday, April 12, 2016
virtualizacija aplikacija
https://ninite.com/ # instalacija gomilu programa
http://10minutemail.com/ # kreira mejl na 10 minuta.
http://pickmeapp.com/ # za kreiranje exe fajla.
http://10minutemail.com/ # kreira mejl na 10 minuta.
http://pickmeapp.com/ # za kreiranje exe fajla.
Monday, April 11, 2016
Kreiranje usera za httpd servis
sudo useradd user01
sudo passwd user01
sudo mkdir -p /var/www/html/user01/public_html
sudo chown -R user01:user01 /var/www/html/user01/public_html
sudo chmod -R 755 /var/www/html/user01/public_html
ln -s /var/www/html/user01/public_html /home/user01/public_html
sudo vi /home/user01/public_html/index.php
#<?php phpinfo(); ?>
sudo vi /etc/httpd/conf.d/user01.conf
Alias /user01 /var/www/html/user01/public_html
<VirtualHost *:80>
ServerName www.user01.com
ServerAlias system.com
DocumentRoot /var/www/html/user01/public_html
</VirtualHost>
# KRAJ RADA U VI EDITORU
systemctl restart httpd.service
sudo passwd user01
sudo mkdir -p /var/www/html/user01/public_html
sudo chown -R user01:user01 /var/www/html/user01/public_html
sudo chmod -R 755 /var/www/html/user01/public_html
ln -s /var/www/html/user01/public_html /home/user01/public_html
sudo vi /home/user01/public_html/index.php
#<?php phpinfo(); ?>
sudo vi /etc/httpd/conf.d/user01.conf
Alias /user01 /var/www/html/user01/public_html
<VirtualHost *:80>
ServerName www.user01.com
ServerAlias system.com
DocumentRoot /var/www/html/user01/public_html
</VirtualHost>
# KRAJ RADA U VI EDITORU
systemctl restart httpd.service
SELinux komande
<user:role:type>
sestatus # komanda za proveru statusa SElinux-a
sestatus -v # prikazuje informaciu o context-ima koji su podešeni u /etc/sestatus.conf fajlu
getsebool -a # komanda prikazuje vrednost Selinux promenljivih
semanage boolean -l # isto kao i getsebool ali prikazuje i opis
ls -Z # prikazuje content fajlova i direktorijuma
ps -auxZ # prikazuje content procesa
# menja content type
chcon -v --type=httpd_sys_content_t /home/system/html
chcon -v --type=httpd_sys_content_t /home/system/html/index.html
# moguce je sve odjednom
chcon -Rv --type=httpd_sys_content_t /home/system/html
# kopiranje contenta
chcon -R --reference=/var/www /path/to/webroot
#vracanje prvobitnog content-a
restorecon -Rv /home/system/html
setenforce 0 # trenutno podešava selinux u permissive mode
setenforce 1 # trenutno podešava selinux u enforcing mode
yum -y install policycoreutils-python
semanage login -l # prikazuje koje selinux user je dodeljen linux user-u
semanage port -a -t http_port_t -p tcp 82 # dodaje se porta 82 type-u httpd_port_t. Nijemoguće startovati servis na portu koji čiji type nije iskonfigurisan.
sestatus # komanda za proveru statusa SElinux-a
sestatus -v # prikazuje informaciu o context-ima koji su podešeni u /etc/sestatus.conf fajlu
getsebool -a # komanda prikazuje vrednost Selinux promenljivih
semanage boolean -l # isto kao i getsebool ali prikazuje i opis
ls -Z # prikazuje content fajlova i direktorijuma
ps -auxZ # prikazuje content procesa
# menja content type
chcon -v --type=httpd_sys_content_t /home/system/html
chcon -v --type=httpd_sys_content_t /home/system/html/index.html
# moguce je sve odjednom
chcon -Rv --type=httpd_sys_content_t /home/system/html
# kopiranje contenta
chcon -R --reference=/var/www /path/to/webroot
#vracanje prvobitnog content-a
restorecon -Rv /home/system/html
setenforce 0 # trenutno podešava selinux u permissive mode
setenforce 1 # trenutno podešava selinux u enforcing mode
yum -y install policycoreutils-python
semanage login -l # prikazuje koje selinux user je dodeljen linux user-u
semanage port -a -t http_port_t -p tcp 82 # dodaje se porta 82 type-u httpd_port_t. Nijemoguće startovati servis na portu koji čiji type nije iskonfigurisan.
Friday, April 8, 2016
Instalacija Cacti
#Install Apache
yum install httpd httpd-devel
#Install MySQL
#yum install mysql mysql-server - ZA centos 5 i 6
yum install mariadb-server -y
#Install PHP
yum install php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli
#Install PHP-SNMP
yum install php-snmp
#Install NET-SNMP
yum install net-snmp-utils net-snmp-libs
#Install RRDTool
yum install rrdtool
#Staring Apache, MySQL and SNMP Services
systemctl start httpd.service
systemctl start mariadb.service
systemctl start snmpd.service
#Configure Start-up Links
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable snmpd.service
#Install Cacti on RHEL / CentOS / Fedora
#yum install cacti - ovo ne funkcionise
http://www.cacti.net/downloads/cacti-0.8.8f.tar.gz
cd /var/www/html
tar -xzvf cacti-0.8.8f.tar.gz
ln -s cacti-0.8.8f cacti
#add user cacti
adduser -d /var/www/html/cacti -s /sbin/nologin cacti
cd /var/www/html/cacti
chown -R cacti.apache rra log
chmod 775 rra log
#Set MySQL Password
/usr/bin/mysql_secure_installation
#mysqladmin -u root password YOUR-PASSWORD-HERE
#Create MySQL Cacti Database
mysql -u root -p
MariaDB [(none)]> create database cacti;
MariaDB [(none)]> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'tecmint';
MariaDB [(none)]> FLUSH privileges;
MariaDB [(none)]> quit;
#Install Cacti Tables to MySQL
rpm -ql cacti | grep cacti.sql
/var/www/html/cacti/cacti.sql
mysql -u cacti -p cacti < /var/www/html/cacti/cacti.sql
Enter password:
#Configure MySQL settings for Cacti
cd /var/www/html/cacti/include/
vi confige.php
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;
#end vi
#Configuring Firewall for Cacti
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
#Important PHP Settings
vi /etc/php.ini
##Running Cacti Installer Setup
http://YOUR-IP-HERE/cacti/
admin
admin
yum install httpd httpd-devel
#Install MySQL
#yum install mysql mysql-server - ZA centos 5 i 6
yum install mariadb-server -y
#Install PHP
yum install php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli
#Install PHP-SNMP
yum install php-snmp
#Install NET-SNMP
yum install net-snmp-utils net-snmp-libs
#Install RRDTool
yum install rrdtool
#Staring Apache, MySQL and SNMP Services
systemctl start httpd.service
systemctl start mariadb.service
systemctl start snmpd.service
#Configure Start-up Links
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable snmpd.service
#Install Cacti on RHEL / CentOS / Fedora
#yum install cacti - ovo ne funkcionise
http://www.cacti.net/downloads/cacti-0.8.8f.tar.gz
cd /var/www/html
tar -xzvf cacti-0.8.8f.tar.gz
ln -s cacti-0.8.8f cacti
#add user cacti
adduser -d /var/www/html/cacti -s /sbin/nologin cacti
cd /var/www/html/cacti
chown -R cacti.apache rra log
chmod 775 rra log
#Set MySQL Password
/usr/bin/mysql_secure_installation
#mysqladmin -u root password YOUR-PASSWORD-HERE
#Create MySQL Cacti Database
mysql -u root -p
MariaDB [(none)]> create database cacti;
MariaDB [(none)]> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'tecmint';
MariaDB [(none)]> FLUSH privileges;
MariaDB [(none)]> quit;
#Install Cacti Tables to MySQL
rpm -ql cacti | grep cacti.sql
/var/www/html/cacti/cacti.sql
mysql -u cacti -p cacti < /var/www/html/cacti/cacti.sql
Enter password:
#Configure MySQL settings for Cacti
cd /var/www/html/cacti/include/
vi confige.php
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;
#end vi
#Configuring Firewall for Cacti
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
#Important PHP Settings
vi /etc/php.ini
##Running Cacti Installer Setup
http://YOUR-IP-HERE/cacti/
admin
admin
Thursday, April 7, 2016
Instalacija nagios-a
********************************Instalacija LAMP
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
sudo yum install httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
sudo yum install mariadb-server mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
root/root
sudo systemctl enable mariadb.service
sudo yum install php php-mysql
sudo systemctl restart httpd.service
yum search php-
yum info php-fpm
sudo yum install php-fpm
********************************INSTALACIJA NAGIOS
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-centos-7
sudo yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel xinetd unzip
sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios
Preuzmi fajl: https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz
tar xvf nagios-*.tar.gz
cd nagios-*
./configure --with-command-group=nagcmd
make all
sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
sudo make install-webconf
sudo usermod -G nagcmd apache
**********************************Install Nagios Plugins
cd ..
Preuzmi fajl: http://nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar xvf nagios-plugins-*.tar.gz
cd nagios-plugins-*
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
sudo make install
***************************************Install NRPE
Preuzmi fajl: http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
tar xvf nrpe-*.tar.gz
cd nrpe-*
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
make all
sudo make install
sudo make install-xinetd
sudo make install-daemon-config
sudo vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 192.168.0.0/16
sudo service xinetd restart
***************************************Configure Nagios
sudo vi /usr/local/nagios/etc/nagios.cfg
odkomentarisati:
#cfg_dir=/usr/local/nagios/etc/servers
sudo mkdir /usr/local/nagios/etc/servers
*************************************Configure Nagios Contacts
sudo vi /usr/local/nagios/etc/objects/contacts.cfg
************************************Configure check_nrpe Command
sudo vi /usr/local/nagios/etc/objects/commands.cfg
na kraju fajla dodati:
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
***********************************Configure Apache
Kreiranje korisnika nagiosadmin:
sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Ubaci password: nagiosadmin
sudo systemctl start nagios.service
sudo systemctl restart httpd.service
*******************************Optional: Restrict Access by IP Address
sudo vi /etc/httpd/conf.d/nagios.conf
komentarisati
Order allow,deny
Allow from all
odkomentarisati i dodati vasu adresu. Linije ce se pojaviti dva puta u fajlu
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
*********************************RESTART
sudo systemctl restart nagios.service
sudo systemctl restart httpd.service
*******************************Accessing the Nagios Web Interface
http://ipaddresa/nagios
nagiosadmin
nagiosadmin
*******************************Ispravljanje greŠke
Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd'!
komanda koja je na kraju reŠila problem je:
setenforce 0
service httpd restart
service nagios restart
**********************************PROVERA KONFIGURACIJE
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
sudo yum install httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
sudo yum install mariadb-server mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
root/root
sudo systemctl enable mariadb.service
sudo yum install php php-mysql
sudo systemctl restart httpd.service
yum search php-
yum info php-fpm
sudo yum install php-fpm
********************************INSTALACIJA NAGIOS
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-centos-7
sudo yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel xinetd unzip
sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios
Preuzmi fajl: https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz
tar xvf nagios-*.tar.gz
cd nagios-*
./configure --with-command-group=nagcmd
make all
sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
sudo make install-webconf
sudo usermod -G nagcmd apache
**********************************Install Nagios Plugins
cd ..
Preuzmi fajl: http://nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar xvf nagios-plugins-*.tar.gz
cd nagios-plugins-*
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
sudo make install
***************************************Install NRPE
Preuzmi fajl: http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
tar xvf nrpe-*.tar.gz
cd nrpe-*
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
make all
sudo make install
sudo make install-xinetd
sudo make install-daemon-config
sudo vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 192.168.0.0/16
sudo service xinetd restart
***************************************Configure Nagios
sudo vi /usr/local/nagios/etc/nagios.cfg
odkomentarisati:
#cfg_dir=/usr/local/nagios/etc/servers
sudo mkdir /usr/local/nagios/etc/servers
*************************************Configure Nagios Contacts
sudo vi /usr/local/nagios/etc/objects/contacts.cfg
************************************Configure check_nrpe Command
sudo vi /usr/local/nagios/etc/objects/commands.cfg
na kraju fajla dodati:
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
***********************************Configure Apache
Kreiranje korisnika nagiosadmin:
sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Ubaci password: nagiosadmin
sudo systemctl start nagios.service
sudo systemctl restart httpd.service
*******************************Optional: Restrict Access by IP Address
sudo vi /etc/httpd/conf.d/nagios.conf
komentarisati
Order allow,deny
Allow from all
odkomentarisati i dodati vasu adresu. Linije ce se pojaviti dva puta u fajlu
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
*********************************RESTART
sudo systemctl restart nagios.service
sudo systemctl restart httpd.service
*******************************Accessing the Nagios Web Interface
http://ipaddresa/nagios
nagiosadmin
nagiosadmin
*******************************Ispravljanje greŠke
Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd'!
komanda koja je na kraju reŠila problem je:
setenforce 0
service httpd restart
service nagios restart
**********************************PROVERA KONFIGURACIJE
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Instalacija eastichearch, logstash and kibana
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-1-7-logstash-1-5-and-kibana-4-1-elk-stack-on-centos-7
Logstash: The server component of Logstash that processes incoming logs
Elasticsearch: Stores all of the logs
Kibana: Web interface for searching and visualizing logs, which will be proxied through Nginx
#***********************Install Java 8
Download jre-8u74-linux-x64.rpm from:
https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/NSG/common/x86_64/
cd /root
yum localinstall jre-8u74-linux-x64.rpm
ls -la /usr/bin/jav*
ls -la /etc/alternatives/java
#************************Install Elasticsearch
cd /root
ls
yum localinstall elasticsearch-2.3.1.rpm
#Elasticsearch is now installed. Let's edit the configuration:
sudo vi /etc/elasticsearch/elasticsearch.yml
#You will want to restrict outside access to your Elasticsearch instance (port 9200)
network.host: localhost
#Now start Elasticsearch:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
sudo systemctl status elasticsearch
##########################Install Kibana
cd /root
yum localinstall kibana-4.5.0-1.x86_64.rpm
sudo vi /opt/kibana/config/kibana.yml
server.host: "localhost"
#end vi
sudo systemctl start kibana
sudo systemctl status kibana
sudo systemctl enable kibana
############################Install Nginx
Because we configured Kibana to listen on localhost, we must set up a reverse proxy to allow external access to it. We will use Nginx for this purpose.
#Add the EPEL repository to yum
sudo yum -y install epel-release
sudo yum -y install nginx httpd-tools
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
password: kibanaadmin
sudo vi /etc/nginx/nginx.conf
#proveri
include /etc/nginx/conf.d/*.conf;
#end vi
#Now we will create an Nginx server block in a new file:
sudo vi /etc/nginx/conf.d/kibana.conf
server {
listen 80;
server_name example.com;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
#endvi
sudo systemctl stop httpd.service
sudo systemctl start nginx
sudo systemctl enable nginx
#Note: This tutorial assumes that SELinux is disabled. If this is not the case, you may need to run the following command for Kibana to work properly: sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect 1
##################################Install Logstash
cd /root
yum localinstall logstash-2.3.0-1.noarch.rpm
##################################Configure Logstash
sudo vi /etc/logstash/conf.d/01-lumberjack-input.conf
input {
lumberjack {
port => 5043
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
#end vi
sudo vi /etc/logstash/conf.d/10-syslog.conf
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
#end vi
sudo vi /etc/logstash/conf.d/30-lumberjack-output.conf
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}
#This output basically configures Logstash to store the logs in Elasticsearch.
Logstash: The server component of Logstash that processes incoming logs
Elasticsearch: Stores all of the logs
Kibana: Web interface for searching and visualizing logs, which will be proxied through Nginx
#***********************Install Java 8
Download jre-8u74-linux-x64.rpm from:
https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/NSG/common/x86_64/
cd /root
yum localinstall jre-8u74-linux-x64.rpm
ls -la /usr/bin/jav*
ls -la /etc/alternatives/java
#************************Install Elasticsearch
cd /root
ls
yum localinstall elasticsearch-2.3.1.rpm
#Elasticsearch is now installed. Let's edit the configuration:
sudo vi /etc/elasticsearch/elasticsearch.yml
#You will want to restrict outside access to your Elasticsearch instance (port 9200)
network.host: localhost
#Now start Elasticsearch:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
sudo systemctl status elasticsearch
##########################Install Kibana
cd /root
yum localinstall kibana-4.5.0-1.x86_64.rpm
sudo vi /opt/kibana/config/kibana.yml
server.host: "localhost"
#end vi
sudo systemctl start kibana
sudo systemctl status kibana
sudo systemctl enable kibana
############################Install Nginx
Because we configured Kibana to listen on localhost, we must set up a reverse proxy to allow external access to it. We will use Nginx for this purpose.
#Add the EPEL repository to yum
sudo yum -y install epel-release
sudo yum -y install nginx httpd-tools
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
password: kibanaadmin
sudo vi /etc/nginx/nginx.conf
#proveri
include /etc/nginx/conf.d/*.conf;
#end vi
#Now we will create an Nginx server block in a new file:
sudo vi /etc/nginx/conf.d/kibana.conf
server {
listen 80;
server_name example.com;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
#endvi
sudo systemctl stop httpd.service
sudo systemctl start nginx
sudo systemctl enable nginx
#Note: This tutorial assumes that SELinux is disabled. If this is not the case, you may need to run the following command for Kibana to work properly: sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect 1
##################################Install Logstash
cd /root
yum localinstall logstash-2.3.0-1.noarch.rpm
##################################Configure Logstash
sudo vi /etc/logstash/conf.d/01-lumberjack-input.conf
input {
lumberjack {
port => 5043
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
#end vi
sudo vi /etc/logstash/conf.d/10-syslog.conf
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
#end vi
sudo vi /etc/logstash/conf.d/30-lumberjack-output.conf
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}
#This output basically configures Logstash to store the logs in Elasticsearch.
Wednesday, April 6, 2016
Subscribe to:
Posts (Atom)