Routing your logs to a Logstash host with the Log Forwarder

Use the Log Forwarder to collect the virtual appliance logs and post them to the Logstash host of an ELK stack.

We can configure the Log Forwarder to route the virtual appliance and system logs to an external Logstash host. If we are provided with an ELK stack, we can then run analytics on your log files as the next figure shows.

Figure 1. Forwarding logs to an ELK stack
Forwarding logs to ELK
We can configure, reconfigure, or unconfigure the Log Forwarder options from the virtual appliance dashboard. See Table 1.

Button Log Forwarder options
Configure

Host name (FQDN, IPv4, or IPv6)
Enter the fully qualified domain name, or the IP address, of the Logstash host.

Port
Specify a valid service port of the Logstash host.

SSL
Flag this check box to apply SSL encryption to the connection with the Logstash host.

If selecting this option, after we click Save Configuration, we are also prompted to accept a default SSL certificate for the connection with the Logstash host. Attention: A connection over SSL with Logstash requires the following conditions:

  • Logstash must run with a non-IBM version of Java, version 1.8 or higher.

  • The security protocol of the virtual appliance must be TLSv1.2.

Tags
Enter optional tags for the log events that are routed to the Logstash host.
Reconfigure

Host name (FQDN, IPv4, or IPv6)
Change the fully qualified domain name, or the IP address, of the Logstash host.

Port
Change the service port of the Logstash host.

SSL
Flag this check box to apply SSL encryption to the connection with the Logstash host.

If selecting this option, after we click Save Configuration, we are also prompted to accept a default SSL certificate for the connection with the Logstash host. Attention: A connection over SSL with Logstash requires the following conditions:

  • Logstash must run with a non-IBM version of Java, version 1.8 or higher.

  • The security protocol of the virtual appliance must be TLSv1.2.

Tags
Add, change, or remove optional tags for the log events that are routed to the Logstash host.

  1. From the top-level menu of the Appliance Dashboard, select Manage System Settings > Maintenance > Log Forwarder Configuration. The Log Forwarder (Filebeat) Configuration Details page is displayed.

  2. Enter a new configuration or change an existing one.

    • Enter a new configuration.

      1. Click Configure.

      2. In the New Log Forwarder Configuration window, specify the requested values. See Table 1.

      3. Click Save Configuration. A message indicates that the configuration is successfully completed. If we selected the SSL option, we are prompted to accept a default SSL certificate for the connection with the Logstash host.

    • Change an existing configuration.

      1. From the Log Forwarder (Filebeat) Configuration Details table, select a record. For example, Log Forwarder Configuration.

      2. Click Reconfigure.

      3. In the Edit Log Forwarder Configuration window, edit the details. See Table 1.

      4. Click Save Configuration. A message indicates that the Log Forwarder configuration is successfully changed. If your changes require the need of a new SSL certificate, we are prompted to accept a default SSL certificate for the connection with the Logstash host.

  3. Optional: To unconfigure a Log Forwarder configuration, follow these steps:

    1. From the Log Forwarder (Filebeat) Configuration Details table, select a record. For example, Log Forwarder Configuration.

    2. Click Unconfigure.

    3. Click Yes to confirm. A message indicates that the Log Forwarder configuration is successfully removed.

Parent topic: Virtual appliance configuration