sematext / logagent-js

Extensible log shipper with input/output plugins, buffering, parsing, data masking, and small memory/CPU footprint
https://sematext.com/logagent
Apache License 2.0
390 stars 79 forks source link
elk elk-stack javascript log-collector log-management logagent logging logs logshipper nodejs

Build Status Deploy - read more

What is Logagent

Logagent is a modern, open-source, light-weight log shipper. It is like Filebeat and Logstash in one, without the JVM memory footprint. It comes with out of the box and extensible log parsing, on-disk buffering, secure transport, and bulk indexing to Elasticsearch, Sematext Logs, and other destinations. Its low memory footprint and low CPU overhead make it suitable for deploying on edge nodes and devices, while its ability to parse and structure logs makes it a great Logstash alternative.

Docker

Details about the the Logagent Docker image are described in the Docker Hub Readme

Installation

1) Install Node.js

Official Node.js downloads and instructions. E.g. for Debian/Ubuntu:

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
Install Logagent with npm
sudo npm i -g @sematext/logagent

2) Run logagent command line tool

logagent --help

3) Example: Index your log files in Elasticsearch

logagent -e http://localhost:9200 -i logs -g ‘/var/log/**/*.log’

4) Optional: Install service & config

Install service for Logagent using systemd, upstart, launchd To quickly create a config file for indexing into Elasticsearch without having to edit it run something like this:

sudo logagent-setup -u http://localhost:9200 -i INDEX_NAME -g '/var/log/**/*.log'
# Logsene US: use -u https://logsene-receiver.sematext.com and your Logsene App Token as index name.
# Logsene EU: use -u https://logsene-receiver.eu.sematext.com and your Logsene App Token as index name.

Configuration

To configure different inputs, different event processing, or different outputs (e.g. your own Elasticsearch) edit /etc/sematext/logagent.conf, e.g.:

output:
  logsene:
    module: elasticsearch
    url: http://elasticsearch-server:9200
    index: logs

Then restart the service with sudo service logagent restart. Troubleshooting & Logs Logagent’s own logs:

Location of service scripts:

Start/stop service:

Documentation & Support

Development