Centralized logging with Logstash

ygerasimov

Managing infrastructure on multiple servers is always a tricky job. The worst part is troubleshooting problems when an operation spans multiple servers. Answering the question of which part of the chain fails takes a lot of time and effort. The problem is especially hard because we need to ssh to each of the servers and look through multiple logs.

Logstash (https://www.elastic.co/products/logstash) is an open source project that helps you organize your system and application logs and store them centrally, and it has tools for monitoring. We have had great experience deploying a log centralizing system and monitoring with Kibana for a group of 20+ servers. This allowed us to troubleshoot problems extremely fast and made maintenance a much easier job.

In this session the following topics will be covered:

  • deploying Logstash to multiple servers
  • input, output, filter and codec elements of a Logstash setup
  • analyzing logs with the Kibana visualization tool
  • monitoring logs and email alerts (custom PHP solution)

 

Session Track

DevOps

Experience Level

Intermediate

Drupal Version