Puppet Class: simp_logstash

Defined in:
manifests/init.pp

Overview

This class enhances the electrical-logstash module in the configuration settings recommended for SIMP systems.

To modify the sysconfig settings, you’ll need to use the ‘::logstash::init_defaults’ hash.

Be aware that this will remove the entire file, it does not cherry-pick settings. See the Logstash documentation for a list of all options.

Please do not change the default config directory. This is hard coded in the upstream ‘logstash` module and referenced in this module.

See simp_logstash::clean if you want to automatically prune your logs to conserve ElasticSearch storage space.

Examples:

Set the Heap Size to ‘10g’ via Hiera

---
logstash::init_defaults :
  'LS_HEAP_SIZE' : '10g'

Parameters:

  • inputs (Array(String)) (defaults to: [ 'syslog' ])

    An Array of inputs to be enabled. These can also be individually enabled by class.

  • filters (Array(String)) (defaults to: [ 'puppet_agent', 'puppet_server', 'slapd_audit', 'sshd', 'sudosh' ])

    An Array of filters to be enabled. These can also be individually enabled by class.

  • outputs (Array(String)) (defaults to: [ 'elasticsearch' ])

    An Array of outputs to be enabled. These can also be individually enabled by class.

  • config_purge (Any) (defaults to: true)

Author:

  • Trevor Vaughan <tvaughan@onyxpoint.com>



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'manifests/init.pp', line 39

class simp_logstash (
  $inputs = [
    'syslog'
  ],
  $filters = [
    'puppet_agent',
    'puppet_server',
    'slapd_audit',
    'sshd',
    'sudosh'
  ],
  $outputs = [
    'elasticsearch'
  ],
  $config_purge = true
) {

  validate_array($inputs)
  validate_array($filters)
  validate_array($outputs)
  validate_bool($config_purge)

  include '::java'
  include '::logstash'

  # This is due to a bug in the upstream Logstash code that sets the owner of
  # all files to 'root:root' when they should be 'root:logstash' if the package
  # is installed.

  if $::logstash::logstash_user != 'logstash' {
    fail('The $::logstash::logstash_user must be set to "logstash" via Hiera or your ENC')
  }
  if $::logstash::logstash_group != 'logstash' {
    fail('The $::logstash::logstash_group must be set to "logstash" via Hiera or your ENC')
  }

  Class['java'] -> Class['logstash']
  Class['logstash'] -> Class['simp_logstash']

  $_config_dir = "${::logstash::configdir}/conf.d"
  $config_prefix = "${_config_dir}/simp-logstash"
  $config_suffix = '.conf'

  $config_order = {
    'input'  => '10',
    'filter' => '20',
    'output' => '30'
  }

  if !empty($inputs)  { ::simp_logstash::input { $inputs: } }
  if !empty($filters) { ::simp_logstash::filter { $filters: } }
  if !empty($outputs) { ::simp_logstash::output { $outputs: } }

  # We need to be able to purge invalid configurations. Unfortunately, LogStash
  # doesn't allow more than one configuration directory, so we've had to be a
  # bit aggressive.
  File <| title == $_config_dir |> {
    recurse => true,
    purge   => $config_purge,
    ignore  => 'logstash*.conf'
  }
}