-2

I need something like ODBC logging on Linux. There are some older libraries for Apache and MySQL, but I do not want to use them. I found the ELK stack and installed it. Can Logstash, Elasticsearch and Kibana be used as an HTTP logging mechanism, so I can see the user, IP address, etc.?

Using Debian Jessie.

johnny

1 Answer

2

Surely it is possible. A simple Google search will give you more than one very good piece of documentation on that.

See here: Logstash Configuration Example

Apache's log patterns are included in the default Logstash patterns, so it is fairly easy to set up a filter for it. See more here: Adding Logstash Filters To Improve Centralized Logging.

Diamond
  • Absolutely. We have a multi-TB ELK instance for our HTTP requests. – Mark Henderson Nov 24 '15 at 23:01
  • @MarkHenderson could you share an approximation of the number of log messages/second and the hardware it's running on? I'm curious. Thanks. – André Borie Nov 25 '15 at 12:07
  • @AndréBorie sure. The stats about the kind of traffic you can [find here](http://stackexchange.com/performance) (although I think it's a bit outdated now). Our ELK cluster is not the one from that page though (that's for searching the sites). We have six ElasticSearch boxes for logging, each with 2x E5-2660, 192GB of RAM and 43.65TB of usable storage. However that's also used for a bunch of other logstashing stuff, not just HTTP. – Mark Henderson Nov 25 '15 at 14:47
  • @MarkHenderson thanks for sharing, that's some pretty expensive hardware. – André Borie Nov 25 '15 at 16:09
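
A minimal Logstash pipeline for the setup the answer describes, as an added example that is not part of the original answer or the linked guides. It assumes Apache writes the `combined` log format to Debian's default `/var/log/apache2/access.log`, that Elasticsearch listens on `localhost:9200`, and that the Logstash version accepts the `hosts` option (2.0 or later); the `apache_access` type label is made up for this example.

```conf
# Added example. Path, host and the "apache_access" label are assumptions.
input {
  file {
    path => "/var/log/apache2/access.log"   # Debian's default Apache access log
    start_position => "beginning"           # also read lines already in the file
    type => "apache_access"
  }
}

filter {
  if [type] == "apache_access" {
    grok {
      # Bundled pattern for Apache's "combined" LogFormat. With the legacy
      # (non-ECS) pattern set it yields these fields:
      #   clientip, ident, auth (HTTP-authenticated user, "-" if none),
      #   timestamp, verb, request, httpversion, response, bytes,
      #   referrer, agent
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }

    # Lines that do not match are tagged _grokparsefailure by grok and are
    # still indexed, so malformed or unexpected requests stay visible.
    if "_grokparsefailure" not in [tags] {
      date {
        # Use the request time from the log line as the event's @timestamp
        # instead of the time Logstash read the line.
        match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
      }
    }
  }
}

output {
  elasticsearch {
    # No index set: events go to the default daily logstash-* indices,
    # which is what Kibana's default index pattern expects.
    hosts => ["localhost:9200"]
  }
}
```

In Kibana, the requesting address is then searchable as `clientip` and the authenticated user as `auth`; newer Logstash releases that default to ECS field naming use different field names for the same values.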