Sending AWX Tower Logs to Logstash Guide
Published:
Introduction
In this guide, we will walk through the process of configuring AWX Tower to send its logs to Logstash for centralized log management. This setup allows for better log analysis and monitoring.
Step 1: AWX Tower Settings
- Log in to the AWX interface and navigate to the “Settings” section.
- Click on the “Logging” tab.
Step 2: Configure External Logging
- Enable External Logging by turning it “On”.
- Specify the Logging Aggregator as your Logstash server’s IP address.
- Set the Logging Aggregator Port to 9999.
- Choose “logstash” as the Logging Aggregator Type.
- Select “TCP” as the Logging Aggregator Protocol.
- Set the Logging Aggregator Level Threshold to “Info”.
- Define the Loggers Sending Data to Log Aggregator. These should include: “awx”, “activity_stream”, “job_events”, and “system_tracking”.
Step 3: Logstash Configuration
- On your Logstash server, navigate to the directory
/etc/logstash/conf.d/. - Create a new configuration file named
awxtower.conf. Inside
awxtower.conf, configure the Logstash input as follows:input { tcp { port => 9999 } }Configure the Logstash output to send logs to Elasticsearch. Modify the Elasticsearch server’s IP, username, and password accordingly:
output { elasticsearch { hosts => ["http://elasticserverip:9200"] index => "awxtower-%{+YYYY-MM-dd}" user => "admin" password => "password" } stdout { codec => json } }
Step 4: Update Pipelines Configuration
- In the
/etc/logstashdirectory, open thepipelines.ymlfile. Add a new entry for your AWX Tower logs pipeline:
- pipeline.id: awxtower path.config: "/etc/logstash/conf.d/awxtower.conf"
Step 5: Restart Logstash
After making these configurations, restart the Logstash service to apply the changes:
sudo service logstash restart
This setup should now start forwarding logs from AWX Tower to Logstash, and then to Elasticsearch for further analysis and visualization. Make sure to replace placeholders like elasticserverip, admin, and password with your actual values.