On the centralized log server:
[cc lang='bash']
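# Create the self-signed TLS certificate required by lumberjack.
# logstash.key is the server's private key and must stay on this host;
# logstash.pub is the X.509 certificate that gets copied to every sender.
# A 2048-bit key is requested because 1024-bit RSA no longer offers an
# adequate security margin, least of all for a certificate valid for
# 10 years (-days 3650).
\$ openssl req -x509 -newkey rsa:2048 \
    -keyout /etc/logstash/logstash.key \
    -out /etc/logstash/logstash.pub \
    -nodes -days 3650
# -nodes writes the private key unencrypted so the server can start
# unattended; file permissions are then its only protection.
# NOTE(review): if logstash runs under its own account, chown the key to
# that account as well so that it remains readable by the service.
\$ chmod 600 /etc/logstash/logstash.key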
# build lumberjack package
# NOTE(review): `gem install fpm` and `git clone` both fetch whatever is
# current upstream, unpinned, and the resulting .deb is later installed
# with dpkg (as root) on every sender. Record the fpm version and the
# commit that was built, and build from a reviewed tag or commit where
# possible.
\$ apt-get install rubygems -y
\$ gem install fpm
# put the gem executables on PATH (presumably so `make deb` can find fpm)
\$ export PATH=\$PATH:/var/lib/gems/1.8/bin
\$ cd /usr/src/
\$ git clone https://github.com/jordansissel/lumberjack.git
\$ cd lumberjack
\$ make
\$ make deb
[/cc]
On the sender node:
[cc lang='bash']
# copy logstash.pub to /etc/squid/logs/
# Copy only the certificate (logstash.pub); the private key logstash.key
# must never leave the log server.
# Install the package built on the log server. Move the .deb over a trusted
# channel and compare a checksum before installing, since dpkg runs its
# contents as root.
\$ dpkg -i lumberjack_0.0.30_amd64.deb
# create the init script shown below
\$ vi /etc/init.d/lumberjack
# The script is registered to run at boot, so keep it owned by root and not
# writable by any other user.
\$ chmod +x /etc/init.d/lumberjack
\$ update-rc.d lumberjack defaults
[/cc]
/etc/init.d/lumberjack
[cc lang='bash']
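#! /bin/sh
### BEGIN INIT INFO
# Provides: lumberjack
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# Should-Start: \$local_fs
# Should-Stop: \$local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon
### END INIT INFO

# SysV init script for the lumberjack log shipper. It ships the squid access
# log to the central log server over TLS.

# LSB helpers used below (log_end_msg, status_of_proc).
. /lib/lsb/init-functions

name="lumberjack"

# Read configuration
# Short host name, sent with every event as the "source" field.
HOST=`/bin/hostname -s`

# Shipper arguments, kept as ONE single-line string: start() expands it
# unquoted so that it is split on whitespace into separate arguments. No
# value in it may therefore contain spaces.
#   --host / --port  log server to ship to
#   --ssl-ca-path    certificate the shipper is told to trust for that
#                    server; keep the file root-owned and not writable by
#                    other users, since replacing it changes which server
#                    is trusted
#   last argument    log file to ship
LUMBERJACK_OPTIONS="--field source=\$HOST --host 10.20.30.40 --port 5001 --ssl-ca-path /etc/squid/logs/logstash.pub /var/log/squid/access.log"

lumberjack_bin="/opt/lumberjack/bin/lumberjack.sh"
pid_file="/var/run/\$name.pid"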
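# Start the shipper in the background (-b) and have start-stop-daemon write
# the pid file itself (-m). The outcome is reported through log_end_msg.
# Globals: lumberjack_bin, pid_file, LUMBERJACK_OPTIONS (read); command (set)
# NOTE(review): no --chuid is passed, so the shipper runs with the privileges
# of whoever invokes this script (root at boot). It only needs read access to
# the log file and the certificate; consider a dedicated unprivileged account.
start () {
    command="\${lumberjack_bin}"
    # The whole invocation must be one command: without the line
    # continuation, "-m --exec ..." would be run as a separate command.
    # LUMBERJACK_OPTIONS is deliberately left unquoted so that it splits
    # into individual arguments.
    if start-stop-daemon --start --quiet --oknodo --pidfile "\$pid_file" \
        -b -m --exec "\$command" -- \$LUMBERJACK_OPTIONS; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
}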
# Ask start-stop-daemon to stop the process recorded in the pid file.
# --oknodo makes "nothing to stop" count as success.
# Globals: pid_file (read)
# NOTE(review): the target is selected by pid file alone, so a stale pid file
# could name an unrelated process. Confirm this is acceptable on the host.
stop () {
    start-stop-daemon \
        --stop \
        --quiet \
        --oknodo \
        --pidfile "\$pid_file"
}
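# Report whether the shipper is running, using the LSB helper status_of_proc
# with the pid file. Returns that helper's exit status.
# Globals: pid_file, name (read)
status () {
    # The pid file path is quoted so it is always passed as a single
    # argument. The empty second argument leaves the daemon path unset;
    # presumably the lookup then relies on the pid file only.
    status_of_proc -p "\$pid_file" "" "\$name"
}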
# Dispatch on the requested action (first argument).
case \$1 in
    start)
        # Already running: nothing to do.
        if status; then
            exit 0
        fi
        echo -n "Starting \$name: "
        start
        echo "\$name."
        ;;
    stop)
        echo -n "Stopping \$name: "
        stop
        echo "\$name."
        ;;
    restart)
        echo -n "Restarting \$name: "
        stop
        # Give the old process a moment to exit before starting again.
        sleep 1
        start
        echo "\$name."
        ;;
    status)
        # Pass the helper's exit status through to the caller.
        if status; then
            exit 0
        else
            exit \$?
        fi
        ;;
    *)
        echo "Usage: \$0 {start|stop|restart|status}"
        exit 1
        ;;
esac

# NOTE(review): start, stop and restart all end here, so the script exits 0
# even when start() reported a failure. Monitoring that relies on the exit
# code will not notice a shipper that failed to start.
exit 0
[/cc]