Install Logstash

IMPORTANT: Ensure that you follow all the security-related best practices and guidelines outlined in the Logstash documentation to avoid any potential security risks.

The NetWitness Export Connector is an input plugin for Logstash, so Logstash must be installed for the NetWitness Export Connector to work. For more information, see the Overview section.

You can install the open source version of Logstash (OSS) or the paid version (Elastic). The supported version is Logstash 7.6.2.

Information on released versions of Logstash is available at Logstash Reference.

Note: It is recommended to install the Logstash service on the CentOS operating system for better results.

Perform the following steps to install Logstash.

  1. Install the service: Installing Logstash
  2. After installation, set Logstash to run as a service: Running Logstash
  3. Enable Logstash to start when the system boots up: https://www.unix.com/man-page/centos/1/systemctl/

If you are using CentOS, make a note of the following:

  • Logstash logs are stored in /var/log/logstash/logstash-plain.log
  • If you install Logstash using rpm, make sure that it is installed as the logstash user and that its folders are created by that same user, not by the root user.
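
Steps 2 and 3 and the ownership note above, as an added shell example (not taken from the NetWitness or Logstash documentation). It assumes the systemd unit and the service account are both named `logstash` and that `/var/lib/logstash` is the package's data directory; `check_owner` is a hypothetical helper.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for an RPM install of Logstash on CentOS.
# Assumptions (not from the page): the systemd unit and the service account
# are both named "logstash"; /var/lib/logstash is the package's data directory.

# Print every entry under the given paths that is NOT owned by the expected
# user. Returns 0 when every entry matches, 1 on a wrong owner, and 2 when a
# path is missing (a missing path takes precedence over a wrong owner).
check_owner() {
    local user="$1" rc=0 path bad
    shift
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path" >&2
            rc=2
            continue
        fi
        # find accepts a user name or a numeric UID after -user
        bad="$(find "$path" ! -user "$user" -print)"
        if [ -n "$bad" ]; then
            printf '%s\n' "$bad" | sed 's/^/WRONG-OWNER /'
            [ "$rc" -eq 0 ] && rc=1
        fi
    done
    return "$rc"
}

# Run as root with --apply to perform steps 2 and 3 and then the check:
#   bash logstash_postinstall.sh --apply
if [ "${1:-}" = "--apply" ]; then
    systemctl start logstash        # step 2: run Logstash as a service
    systemctl enable logstash       # step 3: start when the system boots up
    systemctl is-active logstash    # prints "active" when the service is running
    systemctl is-enabled logstash   # prints "enabled" when boot start is set
    # The log directory is from the page; the data directory is an assumption.
    check_owner logstash /var/log/logstash /var/lib/logstash
fi
```

Any `WRONG-OWNER` line means a file or folder was created by an account other than the logstash user, which is the condition the note above asks you to avoid.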

Troubleshooting

For generic troubleshooting instructions for Logstash, see Logstash Troubleshooting.