I'm trying to setup Logstash because I want to forward Apache log info into Elasticsearch. And I want to start Logstash process automatically when the server start.
I could resister Logstash as a service and start the process automatically, but it seems configure file has not been read by the service. And when I start logstash using -f option it work correctly, so, I can say that contents of the config file has no problem.
It's manual says , if I place *.conf file under /etc/logstash/conf.d/ , the service read the configure file when it start, but it never work as I expected.
How should I configure logstash so that it read the my config file when it start?
this is my config file and it has been placed on /etc/logstash/conf.d/01-httpdlog.conf
input {
file {
path => "/etc/httpd/logs/access_log"
start_position => beginning
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
}
output {
elasticsearch {
hosts => ["xxx.xxx.xxx.xxx:9200"]
}
file{
path => "/tmp/result.txt"
}
stdout {}
}
It's pretty certain that the user running logstash as a service doesn't have the permission to read your Apache log files.
You need to chmod 755 your Apache logs folder (in /etc/httpd/logs) and then it should work much better.