Updated installation/running instructions. Created an agent with sane

defaults for redhat-based systems.
Greg Retkowski 2009-09-10 21:24:20 +00:00
parent 13a54a1620
commit 9df61fc0c1
2 changed files with 84 additions and 15 deletions

32
INSTALL

@ -1,10 +1,3 @@
required gems:
- mkdtemp
- json
- ferret
- file-tail
- stomp
This code is not beta, not alpha, but like something unnamed where This code is not beta, not alpha, but like something unnamed where
only three people in the world have gotten it to run. YMMV. Expect only three people in the world have gotten it to run. YMMV. Expect
much debuggery. much debuggery.
@ -20,11 +13,13 @@ You should have ruby and rubygems installed.
After that install the following gems, via 'gem install gemname' After that install the following gems, via 'gem install gemname'
required gems: required gems:
- ruby-prof
- mkdtemp - mkdtemp
- json - json
- ferret - ferret
- ruby-prof - file-tail
- stomp
- uuid
You'll also need ruby-grok - see instructions below.. You'll also need ruby-grok - see instructions below..
@ -50,11 +45,18 @@ Check your /etc/ld.so.conf, or /etc/ld.so.conf.d/* .
If not already set add /usr/local/lib If not already set add /usr/local/lib
# RUNNING INSTRUCTIONS # RUNNING INSTRUCTIONS
Unpack into /opt/logstash, then cd into that directory cd into /opt/logstash
You'll need to start stompserver.. From the command line: 'stompserver'
Next start logstashd via 'ruby bin/logstashd.rb'
In another window start up the agent via
'ruby bin/agent.redhat.rb localhost:61613'
This assumes your system is redhat derivative (fedora, centos, etc..)
You should see a bunch of traffic as 'agent' loads log data.
ruby sandbox/srv.rb Now search via:
... in another window... ruby bin/search.rb linux-syslog '*alsa*'
ruby sandbox/client.rb /var/log/messages # loads messages into logstash ruby bin/search.rb httpd-access '*favicon.ico*'
# ^^ get "Entry was nil" ..
ruby sandbox/searchclient.rb linux-syslog "search_string" Note: All files will need access to /var/tmp/ruby-uuid so run all scripts
as the same user..

67
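--- a/bin/agent.redhat.rb
+++ b/bin/agent.redhat.rb
@@ -0,0 +1,67 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'lib/net/client'
+require 'lib/net/messages/indexevent'
+require 'lib/net/messages/quit'
+require 'lib/file/tail/since'
+require 'stomp'
+require 'socket'
+class Agent < LogStash::Net::MessageClient
+def initialize(host, port)
+super(username="", password="", host=host, port=port)
+@hostname = Socket.gethostname
+@msgs = []
+end # def initialize
+def start_log_watcher
+@threads = []
+@threads << Thread.new do
+File::Tail::Since.new("/var/log/messages").tail do |line|
+line.chomp!
+index("linux-syslog", line)
+end
+end
+@threads << Thread.new do
+File::Tail::Since.new("/var/log/httpd/access_log").tail do |line|
+line.chomp!
+index("httpd-access", line)
+end
+end
+end # def start_log_watcher
+def index(type, string)
+ier = LogStash::Net::Messages::IndexEventRequest.new
+ier.log_type = type
+ier.log_data = string
+ier.metadata["source_host"] = @hostname
+#puts "Sending: #{ier}"
+sendmsg("/queue/logstash", ier)
+end # def index
+def IndexEventResponseHandler(msg)
+if msg.code != 0
+puts msg.inspect
+end
+end # def IndexEventResponseHandler
+def run
+start_log_watcher
+super
+end
+end
+if $0 == __FILE__
+if ARGV.length == 0
+puts "Usage: #{$0} host:port"
+exit 1
+end
+Thread::abort_on_exception = true
+host, port = ARGV[0].split(":")
+agent = Agent.new(host, port)
+agent.run
+end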
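Review bot: `Agent#initialize` hard-codes empty STOMP credentials in `super(username="", password="", host=host, port=port)`, so every line of /var/log/messages and the httpd access log is published to `/queue/logstash` over an anonymous session, and anything else that can reach the broker can presumably publish to or consume from that queue. Consider taking the login from configuration, for example `super(ENV["STOMP_USER"].to_s, ENV["STOMP_PASS"].to_s, host, port)` (the variable names are placeholders), and noting in INSTALL that the broker should listen on loopback only or require authentication; the MessageClient constructor is not visible here, so the argument order needs confirming. The `name=value` form inside the call only assigns throwaway locals rather than passing keywords, so plain positional arguments would read more honestly. Separately, `ARGV[0].split(":")` leaves `port` nil when the argument has no colon and never checks that it is numeric; a guard such as `abort "Usage: #{$0} host:port" unless host && port =~ /\A\d+\z/` before `Agent.new` would fail early instead of inside the client.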