
mheese / Journalbeat

Licence: other
Journalbeat is a log shipper from systemd/journald to Logstash/Elasticsearch

Programming Languages

go
31211 projects - #10 most used programming language

Projects that are alternatives of or similar to Journalbeat

Dockerfile
some personally made dockerfile
Stars: ✭ 2,021 (+458.29%)
Mutual labels:  logstash, elasticsearch
Elastiflow
Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
Stars: ✭ 2,322 (+541.44%)
Mutual labels:  logstash, elasticsearch
Synesis lite suricata
Suricata IDS/IPS log analytics using the Elastic Stack.
Stars: ✭ 167 (-53.87%)
Mutual labels:  logstash, elasticsearch
Json Logging Python
Python logging library to emit JSON log that can be easily indexed and searchable by logging infrastructure such as ELK, EFK, AWS Cloudwatch, GCP Stackdriver
Stars: ✭ 143 (-60.5%)
Mutual labels:  logstash, elasticsearch
Praeco
Elasticsearch alerting made simple.
Stars: ✭ 342 (-5.52%)
Mutual labels:  logstash, elasticsearch
Elk Stack
ELK Stack ... based on Elastic Stack 5.x
Stars: ✭ 148 (-59.12%)
Mutual labels:  logstash, elasticsearch
Docker Elastic Stack
ELK Stack Dockerfile
Stars: ✭ 175 (-51.66%)
Mutual labels:  logstash, elasticsearch
Vagrant Elastic Stack
Giving the Elastic Stack a try in Vagrant
Stars: ✭ 131 (-63.81%)
Mutual labels:  logstash, elasticsearch
Helk
The Hunting ELK
Stars: ✭ 3,097 (+755.52%)
Mutual labels:  logstash, elasticsearch
Dsiem
Security event correlation engine for ELK stack
Stars: ✭ 255 (-29.56%)
Mutual labels:  logstash, elasticsearch
Elk Hole
Elasticsearch, Logstash and Kibana configuration for Pi-hole visualization
Stars: ✭ 136 (-62.43%)
Mutual labels:  logstash, elasticsearch
Elasticsearch loader
A tool for batch loading data files (json, parquet, csv, tsv) into ElasticSearch
Stars: ✭ 300 (-17.13%)
Mutual labels:  logstash, elasticsearch
Elastic Stack
Learn Elasticsearch, Logstash, Kibana and Beats the easy way ⭐️
Stars: ✭ 135 (-62.71%)
Mutual labels:  logstash, elasticsearch
Elk Docker
Elasticsearch, Logstash, Kibana (ELK) Docker image
Stars: ✭ 1,973 (+445.03%)
Mutual labels:  logstash, elasticsearch
Docker Elk
The Elastic stack (ELK) powered by Docker and Compose.
Stars: ✭ 12,327 (+3305.25%)
Mutual labels:  logstash, elasticsearch
Microservices Sample
Sample project to create an application using microservices architecture
Stars: ✭ 167 (-53.87%)
Mutual labels:  logstash, elasticsearch
Elassandra
Elassandra = Elasticsearch + Apache Cassandra
Stars: ✭ 1,610 (+344.75%)
Mutual labels:  logstash, elasticsearch
Elastic
Project for building a Dashboard using Elastic Stack (6.2.4)
Stars: ✭ 121 (-66.57%)
Mutual labels:  logstash, elasticsearch
Docker Elastic
Deploy Elastic stack in a Docker Swarm cluster. Ship application logs and metrics using beats & GELF plugin to Elasticsearch
Stars: ✭ 202 (-44.2%)
Mutual labels:  logstash, elasticsearch
Ansible Elk
📊 Ansible playbook for setting up an ELK/EFK stack and clients.
Stars: ✭ 284 (-21.55%)
Mutual labels:  logstash, elasticsearch

Deprecation warning

Journalbeat is no longer maintained and developed. It has been superseded by the official Elastic Journalbeat. Please consult the official Elastic docs for further details.

Journalbeat

Journalbeat is the Beat used for log shipping from systemd/journald based Linux systems. It follows the system journal very much like journalctl -f and sends the data to Logstash/Elasticsearch (or whatever you configured for your beat).

Journalbeat is targeting pure systemd distributions like CoreOS, Atomic Host, or others. There are no intentions to add support for older systems that do not use journald.

Use Cases and Goals

Besides the obvious use case (log shipping), the goal of this project is also to provide a common data source for more advanced topics like:

  • FIM (File Integrity Monitoring)
  • SIEM
  • Audit Logs / Monitoring

This is all possible because of the tight integration of the Linux audit events into journald. That said, journalbeat can only provide the data source for these more advanced use cases. We still need to develop additional pieces for monitoring and alerting, as well as, hopefully, a standardized Kibana dashboard to cover these features.

Documentation

None so far. As of this writing, this is the first commit. There are things to come. You can find a journalbeat.yml config file in the etc folder which should be self-explanatory for the time being.

Install

You need to install the systemd development packages beforehand. On RHEL or Fedora this is the systemd-devel package; on Debian-based systems it is libsystemd-dev; other distributions have an equivalent package.

go get github.com/mheese/journalbeat

NOTE: This is not the installation method Elastic recommends for Beats. It needs to be revised (of course).

Caveats

A few current caveats with journalbeat:

cgo

The underlying system library, go-systemd, makes heavy use of cgo, and the final binary will be dynamically linked against all client libraries needed to interact with sd-journal. That means the resulting binary is not really Linux distribution independent (which is to be expected, in a way).
