Logstash Logging Handler

New in version 0.17.0.

This module provides some Logstash logging handlers.

UDP Logging Handler

In order to setup the datagram handler for Logstash, please define on the salt configuration file:

logstash_udp_handler:
  host: 127.0.0.1
  port = 9999

On the Logstash configuration file you need something like:

input {
  udp {
    type => "udp-type"
    format => "json_event"
  }
}

Please read the UDP input configuration page for additional information.

ZeroMQ Logging Handler

In order to setup the ZMQ handler for Logstash, please define on the salt configuration file:

logstash_zmq_handler:
  address: tcp://127.0.0.1:2021

On the Logstash configuration file you need something like:

input {
  zeromq {
    type => "zeromq-type"
    mode => "server"
    topology => "pubsub"
    address => "tcp://0.0.0.0:2021"
    charset => "UTF-8"
    format => "json_event"
  }
}

Please read the ZeroMQ input configuration page for additional information.

Important Logstash Setting

One of the most important settings that you should not forget on your Logstash configuration file regarding these logging handlers is format. Both the UDP and ZeroMQ inputs need to have format as json_event which is what we send over the wire.

Log Level

Both the logstash_udp_handler and the logstash_zmq_handler configuration sections accept an additional setting log_level. If not set, the logging level used will be the one defined for log_level in the global configuration file section.

HWM

The high water mark for the ZMQ socket setting. Only applicable for the logstash_zmq_handler.

Inspiration

This work was inspired in pylogstash, python-logstash, canary and the PyZMQ logging handler.