Lightweight socat UDP Logstash shippers

In my opinion it’s much better using a lightweight log shipper like socat to ship logs to Logstash. This way you can save yourself from running a Java process on the source host where your logs are.

You can specify UDP as your Logstash input.

The benefit of UDP is that nothing is negatively impacted if your logstash server goes down, other than the missing data.

Here is an example of what the log shippers can look like. I use port 9999 for this example but you should use whatever port you want for this type of input. You’ll need a UDP port for each different type of input file format, assuming you’re extracting data from logs:


tail -F /home/user/rails_app/log/production.log | socat STDIN UDP-SENDTO:hostname:9999

Here is what your Logstash input should look like:


input {

udp {
 port => 9999
 type => "rails_log"
 }

}
VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)
VN:F [1.9.22_1171]
Rating: +3 (from 3 votes)
Lightweight socat UDP Logstash shippers, 5.0 out of 5 based on 3 ratings
Facebook Twitter Email

Leave a Reply