Updated March 15, 2023
Introduction to Logstash TCP input
The Logstash TCP input is a plugin that reads events over TCP sockets. As with the file and stdin (standard input) inputs, each event is assumed to be one line of text. The plugin can either connect to a server or accept connections initiated by clients, depending on the value of the mode setting. In this article, we discuss the Logstash TCP input in detail under the following headings: What is Logstash TCP input, How to configure Logstash TCP input, Logstash TCP input examples, and a Conclusion.
What is Logstash TCP input?
The Logstash TCP input plugin either establishes a connection to a server or accepts connection requests from clients, depending on the value of mode that we set. In short, the TCP input plugin in Logstash is responsible for reading the events that arrive over TCP sockets. Log4j2 can transmit data as JSON over TCP sockets, which can be combined with the TCP input so that the resulting logs are accepted by Logstash. We need to make certain configurations to allow our app to transmit JSON logs over TCP sockets. The sample log4j2.xml file below does this.
<Configuration>
  <Appenders>
    <!-- Socket appender: sends every log event to the Logstash TCP input -->
    <Socket name="Bitarray_socket" host="www.bitarray.io" port="54321">
      <!-- compact + eventEol: one JSON object per line -->
      <JsonLayout compact="true" eventEol="true" />
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="Bitarray_socket"/>
    </Root>
  </Loggers>
</Configuration>
To accept the logs sent by the above configuration in Logstash, we have to set up the TCP input and a filter for the data, which the statements below do –
input {
  tcp {
    # Same port as the log4j2 appender above
    port => 54321
    # Decode each received event as JSON
    codec => json
  }
}
To use the value of the log4j2 timeMillis field as the event's timestamp, you can add the following date filter block.
filter {
  date {
    # timeMillis holds milliseconds since the Unix epoch
    match => ["timeMillis", "UNIX_MS"]
  }
}
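A small model of what the pipeline above does with the byte stream, added here as an example and not taken from Logstash or Log4j2: TCP delivers arbitrary chunks, so lines are reassembled before each one is parsed as JSON and its timeMillis is turned into @timestamp. The class name, the sample events and the chunk boundaries are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

class LineJsonDecoder:
    """Rebuilds newline-delimited JSON events from arbitrary TCP chunks."""

    def __init__(self):
        self._buf = b""  # bytes received after the last complete line

    def feed(self, chunk):
        """Add one recv() chunk; return the events it completed."""
        self._buf += chunk
        *lines, self._buf = self._buf.split(b"\n")
        return [self._decode(line) for line in lines if line.strip()]

    @staticmethod
    def _decode(line):
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:
            # Logstash's JSON codecs keep the raw text and tag the event.
            return {"message": line.decode("utf-8", "replace"),
                    "tags": ["_jsonparsefailure"]}
        ms = event.get("timeMillis")
        if isinstance(ms, int):
            # Equivalent of: date { match => ["timeMillis", "UNIX_MS"] }
            ts = EPOCH + timedelta(milliseconds=ms)
            stamp = ts.isoformat(timespec="milliseconds")
            event["@timestamp"] = stamp.replace("+00:00", "Z")
        return event

# Constructed sample: two compact log4j2-style events and one corrupt line,
# cut at arbitrary points the way TCP segments can be.
CHUNKS = [
    b'{"timeMillis":1678838400123,"level":"INFO","mess',
    b'age":"login ok"}\nnot json\n{"timeMillis":16788384',
    b'01000,"level":"WARN","message":"retry"}\n',
]

def decode_all(chunks):
    decoder = LineJsonDecoder()
    return [event for chunk in chunks for event in decoder.feed(chunk)]

if __name__ == "__main__":
    for event in decode_all(CHUNKS):
        print(event)
```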
How to configure Logstash TCP input?
The TCP input plugin of Logstash supports the configuration settings listed in the table below –

| Configuration setting | Type of input | Optional/Required |
|---|---|---|
| mode | String, either client or server | Optional |
| dns_reverse_lookup_enabled | Boolean | Optional |
| host | String | Optional |
| ecs_compatibility | String | Optional |
| proxy_protocol | Boolean | Optional |
| port | Number | Optional |
| ssl_cert | Valid file system path | Optional |
| ssl_enable | Boolean | Optional |
| ssl_certificate_authorities | Array | Optional |
| ssl_extra_chain_certs | Array | Optional |
| ssl_verify | Boolean | Optional |
| ssl_key | Valid file system path | Optional |
| ssl_key_passphrase | Password | Optional |
| tcp_keep_alive | Boolean | Optional |
dns_reverse_lookup_enabled – It has a Boolean value and defaults to true when not specified. If you want to avoid reverse DNS lookups, simply disable this setting. When it is set to false, IP addresses are not resolved to host names, and the source address as seen at the TCP layer is added to the event and stored as the address metadata.
host – It has a string value with a default of 0.0.0.0, and its meaning depends on the mode: in server mode it is the address to listen on, and in client mode it is the address to connect to.
ecs_compatibility – It has a string value and can be set to disabled or to v1 or v8. When set to disabled, unstructured connection metadata is added at the root level of the event, while for v1 and v8 structured connection metadata is added under [@metadata][input][tcp]. The default depends on the version of Logstash that is running: when Logstash provides a pipeline.ecs_compatibility setting, its value is used as the default; otherwise, the default is disabled. This setting controls the plugin's compatibility with the Elastic Common Schema (ECS), which affects where the TCP connection metadata is placed on the events.
proxy_protocol – It has a Boolean value, and the default is false. Only version 1 of the proxy protocol is supported.
ssl_enable – It is of Boolean type with a default value of false and must be set to true for the ssl_* configuration settings to take effect.
ssl_cert – It has a path value and no default; it should be set to the path of the certificate in PEM format. This is the certificate that is presented to clients.
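A check for the settings described above, as an added example (not code from Logstash or from this article): it scans the input section of a pipeline file and reports tcp inputs that rely on the defaults ssl_enable => false and host => 0.0.0.0, or that switch ssl_verify off. The function names, the finding texts, the assumed default of server mode and the port 6000 input are constructed for illustration; pass only the input { } section, since a tcp output block would match as well.

```python
import re

# key => value pairs: quoted string, array, or bare word/number
SETTING = re.compile(r'(\w+)\s*=>\s*("[^"]*"|\[[^\]]*\]|[^\s{}]+)')
NO_TLS = "no TLS: events cross the network in clear text"
NO_VERIFY = "TLS is on but the peer certificate is not verified"
ALL_IFACES = "listens on every interface (host 0.0.0.0)"

def tcp_blocks(config):
    """Yield the body of every `tcp { ... }` block, following nested braces."""
    config = re.sub(r"#.*", "", config)  # drop comments
    for m in re.finditer(r"\btcp\s*\{", config):
        depth, i = 1, m.end()
        while i < len(config) and depth:
            depth += {"{": 1, "}": -1}.get(config[i], 0)
            i += 1
        yield config[m.end():i - 1]

def audit_tcp_inputs(config):
    """Return (port, finding) pairs for the tcp inputs in `config`."""
    findings = []
    for body in tcp_blocks(config):
        s = {k: v.strip('"') for k, v in SETTING.findall(body)}
        port = s.get("port", "?")
        if s.get("ssl_enable", "false") != "true":    # default is false
            findings.append((port, NO_TLS))
        elif s.get("ssl_verify") == "false":
            findings.append((port, NO_VERIFY))
        # host is a listen address only in server mode (assumed default mode)
        if s.get("mode", "server") == "server" and s.get("host", "0.0.0.0") == "0.0.0.0":
            findings.append((port, ALL_IFACES))
    return findings

# The two inputs from this page plus a constructed loopback-only one.
PAGE_INPUTS = """
input {
  tcp { port => 54321 codec => json }
  tcp {
    type => "LFA-EIF"
    port => 5321
    ssl_enable => true
    ssl_verify => true
  }
  tcp { port => 6000 host => "127.0.0.1" ssl_enable => true ssl_verify => false }
}
"""
if __name__ == "__main__":
    for port, finding in audit_tcp_inputs(PAGE_INPUTS):
        print(f"tcp input on port {port}: {finding}")
```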
Logstash TCP input examples
For the TCP input, we can add the configuration settings listed in the above table to define how the input behaves. In this example, we use the Secure Sockets Layer (SSL) and set the configuration settings accordingly. Let us consider a sample of how various settings for the TCP input plugin can be specified in the Logstash config file –
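input {
  tcp {
    type => "LFA-EIF"
    port => 5321
    # The ssl_* settings below only take effect when this is true
    ssl_enable => true
    # Certificate and private key of the Logstash server
    ssl_cert => "/c/users/bitarray/Logstash/LogstashSSLserver_crt.crt"
    ssl_key => "/c/users/bitarray/Logstash/LogstashSSLserver_key.key"
    # CA certificate (older option name; the settings table lists ssl_certificate_authorities)
    ssl_cacert => "/c/users/bitarray/Logstash/cacert.pem"
    # Verify the certificate of the other end of the connection
    ssl_verify => true
  }
}
filter {
}
output {
  stdout {
    codec => json_lines {}
  }
  # Full events as JSON, one per line
  file {
    codec => json_lines {}
    path => "/c/users/bitarray/opt/Logstash/%{type}-sampledebug.log"
  }
  # Message text only (message_format is an option of older file output releases)
  file {
    message_format => "%{message}"
    path => "/c/users/bitarray/opt/Logstash/%{type}-sampleMessage.log"
  }
}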
The output on checking the file contents on the terminal using the cat command is as shown below –
Conclusion
The Logstash TCP input plugin reads events over a TCP socket, treats each line of text as one event, and can run in either server or client mode.