Setting up Logstash on Debian/Ubuntu


Install Logstash:

cd /tmp
wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz
tar -xvpf logstash-1.4.2.tar.gz
mv logstash-1.4.2 /opt/logstash

Create an init script /etc/init.d/logstash (this one worked fine for me on Ubuntu 14.04):

#! /bin/sh
 
### BEGIN INIT INFO
# Provides:          logstash
# Required-Start:    $network $remote_fs $named $elasticsearch
# Required-Stop:     $network $remote_fs $named $elasticsearch
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start logstash at boot time
# Description:       Enable service provided by daemon.
### END INIT INFO
 
. /lib/lsb/init-functions

name="logstash"
logstash_bin="/opt/logstash/bin/logstash"
logstash_conf="/etc/logstash/logstash.conf"
logstash_log="/var/log/logstash.log"
pid_file="/var/run/logstash.pid"
logstash_opts="-f ${logstash_conf} -l ${logstash_log}"

start () {
        log_daemon_msg "Starting $name" "$name"
        if start-stop-daemon --quiet --oknodo --pidfile "$pid_file" -b -m --exec $logstash_bin --start -- $logstash_opts; then
                log_end_msg 0
        else
                log_end_msg 1
        fi
}
 
stop () {
        log_daemon_msg "Stopping $name" "$name"
        start-stop-daemon --stop --quiet --oknodo --pidfile "$pid_file"
}

status () {
        status_of_proc -p $pid_file $logstash_bin "$name"
}

case $1 in
        start)
                if status; then exit 0; fi
                start
                ;;
        stop)
                stop
                ;;
        reload)
                stop
                start
                ;;
        restart)
                stop
                start
                ;;
        status)
                status && exit 0 || exit $?
                ;;
        *)
                echo "Usage: $0 {start|stop|restart|reload|status}"
                exit 1
                ;;
esac
exit 0

Finally make it executable and add logstash to startup:

chmod 755 /etc/init.d/logstash
update-rc.d logstash defaults 95 10

Now you’re ready to create your config file in /etc/logstash/logstash.conf:

input { stdin { type => "stdin-type"}}
output { stdout { debug => true debug_format => "json"}}

Now you can start it up! The logfile is /var/log/logstash.log.