How to configure sensu to send log to ELK host?


#1

Hi guys,

I want to send log of sensu to logstash and this is my config

logstash.json:

{

“logstash”: {

“server”: “192.168.1.100”,

“port”: 5099,

“list”: “logstash”,

“type” : “sensu-logstash”

}

}

handler_logstash.json:

{

“handlers”: {

“logstash”: {

“type”: “pipe”,

“command”: “/opt/sensu/embedded/bin/ruby /etc/sensu/handlers/logstash.rb”,

“severities”: [

“ok”,

“warning”,

“critical”,

“unknown”

]

}

}

}

config.json:

{

“handlers”: {

“default”: {

“type”: “set”,

“handlers”: [

“logstash”

]

},

“logstash”: {

“socket”: {

“host”: “192.168.1.100”,

“port”: 5099

},

“type”: “tcp”,

“command”: “/etc/sensu/handlers/logstash.rb”

}

}

}

and config of logstash input:

input {

tcp { port => 5099 type => “sensu-logstash” }

}

output { elasticsearch { host => “192.168.1.100” protocol => “http” port => “9200” } }

are these config file ok?I have no received any event. Someone help me this config

Thanks in advanced


#2

It looks like the logstash handler is defined as a "tcp" handler and a
"pipe" handler?

Also by examining the output of the sensu-sever logs you should be
able to inspect what is happening?

···

On Wed, Jan 7, 2015 at 8:14 PM, Jin Nguyen <jindov@gmail.com> wrote:

Hi guys,

I want to send log of sensu to logstash and this is my config

logstash.json:

  {
  "logstash": {
    "server": "192.168.1.100",
    "port": 5099,
    "list": "logstash",
    "type" : "sensu-logstash"
    }
  }

handler_logstash.json:

{
  "handlers": {
    "logstash": {
      "type": "pipe",
      "command": "/opt/sensu/embedded/bin/ruby
/etc/sensu/handlers/logstash.rb",
      "severities": [
        "ok",
        "warning",
        "critical",
        "unknown"
      ]
    }
  }
}

config.json:

{
  "handlers": {
    "default": {
      "type": "set",
      "handlers": [
        "logstash"
      ]
    },
    "logstash": {
      "socket": {
        "host": "192.168.1.100",
        "port": 5099
      },
      "type": "tcp",
      "command": "/etc/sensu/handlers/logstash.rb"
    }
  }
}

and config of logstash input:

input {

  tcp { port => 5099 type => "sensu-logstash" }

}

output { elasticsearch { host => "192.168.1.100" protocol => "http" port =>
"9200" } }

are these config file ok?I have no received any event. Someone help me this
config

Thanks in advanced


#3

Hi Jin,

Wondering if you had solved this? I am trying to implement similar one, either via UDP or Redis.

···

On Friday, 9 January 2015 14:14:06 UTC+11, Kyle Anderson wrote:

It looks like the logstash handler is defined as a “tcp” handler and a

“pipe” handler?

Also by examining the output of the sensu-sever logs you should be

able to inspect what is happening?

On Wed, Jan 7, 2015 at 8:14 PM, Jin Nguyen jin...@gmail.com wrote:

Hi guys,

I want to send log of sensu to logstash and this is my config

logstash.json:

{

“logstash”: {

"server": "192.168.1.100",
"port": 5099,
"list": "logstash",
"type" : "sensu-logstash"
}

}

handler_logstash.json:

{

“handlers”: {

"logstash": {
  "type": "pipe",
  "command": "/opt/sensu/embedded/bin/ruby

/etc/sensu/handlers/logstash.rb",

  "severities": [
    "ok",
    "warning",
    "critical",
    "unknown"
  ]
}

}

}

config.json:

{

“handlers”: {

"default": {
  "type": "set",
  "handlers": [
    "logstash"
  ]
},
"logstash": {
  "socket": {
    "host": "192.168.1.100",
    "port": 5099
  },
  "type": "tcp",
  "command": "/etc/sensu/handlers/logstash.rb"
}

}

}

and config of logstash input:

input {

tcp { port => 5099 type => “sensu-logstash” }

}

output { elasticsearch { host => “192.168.1.100” protocol => “http” port =>

“9200” } }

are these config file ok?I have no received any event. Someone help me this

config

Thanks in advanced


#4

https://github.com/sensu-plugins/sensu-plugins-logstash/issues/2

Cross-posting is fine, but make sure you reference it as the log info you posted could be helpful to other who are looking at the issue as well. :wink:

···

On Tue, May 5, 2015 at 9:22 AM, lenfree yeung lenfree.yeung@gmail.com wrote:

Hi Jin,

Wondering if you had solved this? I am trying to implement similar one, either via UDP or Redis.

On Friday, 9 January 2015 14:14:06 UTC+11, Kyle Anderson wrote:

It looks like the logstash handler is defined as a “tcp” handler and a
“pipe” handler?

Also by examining the output of the sensu-sever logs you should be
able to inspect what is happening?

On Wed, Jan 7, 2015 at 8:14 PM, Jin Nguyen jin...@gmail.com wrote:

Hi guys,

I want to send log of sensu to logstash and this is my config

logstash.json:

{
“logstash”: {
“server”: “192.168.1.100”,
“port”: 5099,
“list”: “logstash”,
“type” : “sensu-logstash”
}
}

handler_logstash.json:

{
“handlers”: {
“logstash”: {
“type”: “pipe”,
“command”: “/opt/sensu/embedded/bin/ruby
/etc/sensu/handlers/logstash.rb”,
“severities”: [
“ok”,
“warning”,
“critical”,
“unknown”
]
}
}
}

config.json:

{
“handlers”: {
“default”: {
“type”: “set”,
“handlers”: [
“logstash”
]
},
“logstash”: {
“socket”: {
“host”: “192.168.1.100”,
“port”: 5099
},
“type”: “tcp”,
“command”: “/etc/sensu/handlers/logstash.rb”
}
}
}

and config of logstash input:

input {

tcp { port => 5099 type => “sensu-logstash” }

}

output { elasticsearch { host => “192.168.1.100” protocol => “http” port =>
“9200” } }

are these config file ok?I have no received any event. Someone help me this
config

Thanks in advanced

Matt Jones @DevopsMatt

Infrastructure Engineer - Yieldbot Inc.

Core Contributor - Sensu Plugins

https://linkedin.com/in/mattyjones