Ansible Playbook to automate the setup of an ELK stack (centralized logging server with Logstash, Elasticsearch, Redis and Kibana)
This playbook is intended to be run against a clean server (not clients) that will be used as a central logger. After the server is set up, clients can be instructed to redirect all logs to the central location.
Platform: Tested on Debian 7 x64 / CentOS 6.x x64 / Ubuntu Precise
Disclaimer: do not run this Playbook on a live production system!! Use a dedicated instance instead.
Prerequisites: At least 1 GB RAM required; 2 GB is better.
Logging Logic: Clients => Rsyslog TCP 514 => Logstash => Redis => Logstash => Elasticsearch => Kibana
- Set up your target host in hosts
- Add your custom domain in /etc/hosts on your local box. Example: 11.11.11.11 logger
usname : username of the vhost user
domain : domain name of Nginx vhost. Example: logger
pass : password for Nginx auth
ansible-playbook site.yml
Wait a few minutes, et voilà, your centralized logging server is up and running!
Browse http://domain/index.html#/dashboard/file/logstash.json and happy logging!
See central-logs.yml for all available tags. Please note that tags must be run in the order in which they appear.
This is what the Playbook does:
- Set up and configure Rsyslog to listen on TCP 514
- Set up and configure Redis
- Set up and configure Logstash
- Set up and configure Elasticsearch, install OpenJDK
- Set up and configure Nginx and Kibana 3 with simple HTTP authentication
Rsyslog-server role can be extended with TLS support. See http://www.rsyslog.com/doc/rsyslog_tls.html
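The client side of the pipeline above (Clients => Rsyslog TCP 514), as an added example that is not part of this playbook: a play that makes each client forward all logs to the central server and buffer them on disk while the server is unreachable. The inventory group log_clients, the file name 60-forward-to-logger.conf and the spool path are assumptions, as is the name logger resolving to the central server on every client.

```yaml
# Added example: client-side play, not part of this playbook.
# Assumptions: inventory group "log_clients" (hypothetical), and the name
# "logger" resolves on each client to the central logging server.
- hosts: log_clients
  become: true
  tasks:
    - name: Ensure the spool directory for the disk-assisted queue exists
      file:
        path: /var/spool/rsyslog
        state: directory

    - name: Forward all logs to the central logger over TCP 514
      copy:
        dest: /etc/rsyslog.d/60-forward-to-logger.conf   # hypothetical file name
        owner: root
        group: root
        mode: "0644"
        content: |
          # Buffer to disk while the logger is unreachable instead of dropping messages
          $WorkDirectory /var/spool/rsyslog
          $ActionQueueType LinkedList
          $ActionQueueFileName fwd_logger
          $ActionQueueMaxDiskSpace 256m
          $ActionQueueSaveOnShutdown on
          # Retry forever rather than discarding the action after a failure
          $ActionResumeRetryCount -1
          # "@@" means TCP (a single "@" would be UDP)
          *.* @@logger:514
      notify: restart rsyslog

  handlers:
    - name: restart rsyslog
      service:
        name: rsyslog
        state: restarted
```

Logs forwarded this way cross the network unencrypted and unauthenticated; the TLS extension linked above has to be configured on both the server role and the clients to change that.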
Ansible Logstash Playbook by Valentino Gagliardi