PipeBug: Monitoring Using Graphite, Logstash, Sensu, and Tessera

Nginx access logs to PipeBug ELK

There are a couple of steps to complete before we can send the logs to ELK. We'll be using Logstash-forwarder to forward the access logs to Logstash.

Now to the action

Step 1

Let's point our hosts file at the Logstash server. Edit /etc/hosts and add a record in the following format (you need the Logstash server IP from the pipebug.com interface):

[logstash server ip] logstash

For example, it should look like this:

1.2.3.4 logstash

Step 2

Now we need to install Logstash-forwarder. Depending on your Linux distribution, download the right package from the logstash-forwarder section of the Logstash Download Site. We will download the deb file:

wget https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_0.4.0_amd64.deb

and then install it:

dpkg -i logstash-forwarder_0.4.0_amd64.deb

This installation creates a startup script and an example configuration file located at /etc/logstash-forwarder.conf.

Since we have our own configuration file, we will rename the existing one:

mv /etc/logstash-forwarder.conf /etc/logstash-forwarder.conf.bak

Step 3

Configure Nginx with the right log format and save the access logs.

Run the following command to create the Nginx log format file:

curl -o /etc/nginx/conf.d/log_format_detailed.conf https://gist.githubusercontent.com/shukydvir/723e1c4c15e0490546c6/raw/65635b1b9f8520138ca388f32447f306536876a8/log_format_nginx.conf

Now, to configure Nginx to save access logs with the right format, go to the

/etc/nginx/nginx.conf

file and in the http section find this line

access_log /var/log/nginx/access.log;

and change it to

access_log "/var/log/nginx/access-detailed.log" detailed;

Make sure the access_log line is below the following line

include /etc/nginx/conf.d/*.conf;

otherwise the Nginx reload will fail.

Step 4

Configure logstash-forwarder to send logs to PipeBug ELK

First we create the CRT file needed to send logs to Logstash. Run the following command:

curl -o /etc/ssl/certs/pipebug_elk.crt https://gist.githubusercontent.com/shukydvir/b47e59aa4abdcd3877f1/raw/cc94c389ce23f0f640a7c4574776b38e3919f7de/pipebug_elk_crt.crt

And then we will download the configuration file for logstash-forwarder

curl -o /etc/logstash-forwarder.conf https://gist.githubusercontent.com/shukydvir/87888864bd8e43cad8c0/raw/2a3fb88812464873505d51fd2d572e285c871d0e/pipebug-logstash-forwarder.conf

Step 5

All configuration files are in place. All we need to do now is restart logstash-forwarder and reload the Nginx configuration.

Restarting the logstash-forwarder

/etc/init.d/logstash-forwarder restart

Reload Nginx

/etc/init.d/nginx reload

Step 6

Tail the logstash-forwarder logs to check for errors and to see that logs are being sent

tail -f /var/log/logstash-forwarder/logstash-forwarder.*

Any errors will show up in this output.
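The two hand edits in this procedure (the /etc/hosts record from Step 1 and the access_log ordering from Step 3) can be checked before the restart and reload in Step 5. The script below is an added example, not part of the original guide; the function names are made up for illustration, and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for Step 1 and Step 3.
# File paths are arguments, so the checks can run against copies of the live files.

# hosts_has_logstash FILE
# Succeeds if an uncommented line in FILE maps an address to the name "logstash".
hosts_has_logstash() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            sub(/#.*/, "")                     # drop trailing comments
            for (i = 2; i <= NF; i++) if ($i == "logstash") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# access_log_after_include FILE
# Succeeds if the access_log line using the "detailed" format comes after the
# conf.d include, which is where Step 3 placed the log format file.
access_log_after_include() {
    awk '
        /^[ \t]*#/ { next }
        /include[ \t]+\/etc\/nginx\/conf\.d\/\*\.conf;/ && !inc { inc = NR }
        /access_log[ \t].*[ \t]detailed;/ && !acc { acc = NR }
        END { exit ((inc && acc && acc > inc) ? 0 : 1) }
    ' "$1"
}

# preflight HOSTS_FILE NGINX_CONF
# Reports each failed check on stderr and returns the number of failures.
preflight() {
    fails=0
    hosts_has_logstash "$1" || {
        echo "no 'logstash' record in $1" >&2
        fails=$((fails + 1))
    }
    access_log_after_include "$2" || {
        echo "'access_log ... detailed;' is missing or above the conf.d include in $2" >&2
        fails=$((fails + 1))
    }
    return "$fails"
}
```

Source the file and run preflight /etc/hosts /etc/nginx/nginx.conf; a return value of 0 means both checks passed. Running nginx -t afterwards parses the full configuration before the reload.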

