logstash -> elastic

ELK.sh

@@ -39,9 +39,9 @@ sudo htpasswd -c /etc/nginx/htpasswd.users jeank
 
 #add the exe to the booting sequence
 sudo update-rc.d kibana defaults
-sudo update-rc.d kibana enabled
+sudo update-rc.d kibana enable
 sudo update-rc.d elasticsearch defaults
-sudo update-rc.d elasticsearch enabled 
+sudo update-rc.d elasticsearch enable
 
 sudo service kibana start
 sudo service elasticsearch restart

configs/kibana/kibana.yml

@@ -1,8 +1,8 @@
 # Kibana is served by a back end server. This setting specifies the port to use.
-# server.port: 5601
+server.port: 5601
 
 # This setting specifies the IP address of the back end server.
-# server.host: "localhost"
+server.host: "localhost"
 
 # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
 # cannot end in a slash.
@@ -19,7 +19,7 @@
 # that connects to this Kibana instance.
 # elasticsearch.preserveHost: true
 
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and 
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
 # dashboards. Kibana creates a new index if the index doesn’t already exist.
 # kibana.index: ".kibana"
 
@@ -28,12 +28,12 @@
 
 # If your Elasticsearch is protected with basic authentication, these settings provide
 # the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which 
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
 # is proxied through the Kibana server.
 # elasticsearch.username: "user"
 # elasticsearch.password: "pass"
 
-# Paths to the PEM-format SSL certificate and SSL key files, respectively. These 
+# Paths to the PEM-format SSL certificate and SSL key files, respectively. These
 # files enable SSL for outgoing requests from the Kibana server to the browser.
 # server.ssl.cert: /path/to/your/server.crt
 # server.ssl.key: /path/to/your/server.key
@@ -43,7 +43,7 @@
 # elasticsearch.ssl.cert: /path/to/your/client.crt
 # elasticsearch.ssl.key: /path/to/your/client.key
 
-# Optional setting that enables you to specify a path to the PEM file for the certificate 
+# Optional setting that enables you to specify a path to the PEM file for the certificate
 # authority for your Elasticsearch instance.
 # elasticsearch.ssl.ca: /path/to/your/CA.pem
 
@@ -54,7 +54,7 @@
 # the elasticsearch.requestTimeout setting.
 # elasticsearch.pingTimeout: 1500
 
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value 
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
 # must be a positive integer.
 # elasticsearch.requestTimeout: 300000
 
@@ -76,6 +76,6 @@
 # Set the value of this setting to true to suppress all logging output other than error messages.
 # logging.quiet: false
 
-# Set the value of this setting to true to log all events, including system usage information 
+# Set the value of this setting to true to log all events, including system usage information
 # and all requests.
 # logging.verbose: false

configs/logstash/nginx-conf.conf

@@ -9,5 +9,10 @@ filter {
     grok {
 	match => { "message" => "%{DATE} %{TIME} \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: (?<client>%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:server})(?:, request: %{QS:request})?(?:, upstream: \"%{URI:upstream}\")?(?:, host: %{QS:host})" }
 	add_tag => ["nginx_error"]
+  }
 }
+output {
+    elasticsearch {
+        hosts => [ "localhost:9200" ]
+    }
 }

configs/logstash/nginx-conf2.conf

@@ -9,5 +9,10 @@ filter {
     grok {
 	match => { "message" => "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}" }
 	add_tag => ["nginx_access"]
+  }
 }
+output {
+    elasticsearch {
+        hosts => [ "localhost:9200" ]
+    }
 }