Sending AWX Tower Logs to Logstash Guide

1 minute read

Published:

Introduction

In this guide, we will walk through the process of configuring AWX Tower to send its logs to Logstash for centralized log management. This setup allows for better log analysis and monitoring.

Step 1: AWX Tower Settings

  1. Log in to the AWX interface and navigate to the “Settings” section.
  2. Click on the “Logging” tab.

Step 2: Configure External Logging

  1. Enable External Logging by turning it “On”.
  2. Specify the Logging Aggregator as your Logstash server’s IP address.
  3. Set the Logging Aggregator Port to 9999.
  4. Choose “logstash” as the Logging Aggregator Type.
  5. Select “TCP” as the Logging Aggregator Protocol.
  6. Set the Logging Aggregator Level Threshold to “Info”.
  7. Define the Loggers Sending Data to Log Aggregator. These should include: “awx”, “activity_stream”, “job_events”, and “system_tracking”.

Step 3: Logstash Configuration

  1. On your Logstash server, navigate to the directory /etc/logstash/conf.d/.
  2. Create a new configuration file named awxtower.conf.
  3. Inside awxtower.conf, configure the Logstash input as follows:

    input {
      tcp {
        port => 9999
      }
    }
    
  4. Configure the Logstash output to send logs to Elasticsearch. Modify the Elasticsearch server’s IP, username, and password accordingly:

    output {
      elasticsearch {
        hosts => ["http://elasticserverip:9200"]
        index => "awxtower-%{+YYYY-MM-dd}"
        user => "admin"
        password => "password"
      }
      stdout { codec => json }
    }
    

Step 4: Update Pipelines Configuration

  1. In the /etc/logstash directory, open the pipelines.yml file.
  2. Add a new entry for your AWX Tower logs pipeline:

    - pipeline.id: awxtower
      path.config: "/etc/logstash/conf.d/awxtower.conf"
    

Step 5: Restart Logstash

After making these configurations, restart the Logstash service to apply the changes:

sudo service logstash restart

This setup should now start forwarding logs from AWX Tower to Logstash, and then to Elasticsearch for further analysis and visualization. Make sure to replace placeholders like elasticserverip, admin, and password with your actual values.