Beats for journalctl - JournalBeat

Sending beats from journalctl (systemd’s logging provider) to logstash/elasticsearch with JournalBeat on Github

Ubuntu 16.04 or 18.04

Install required packages to build (libsystemd-dev and golang-go)

$ sudo apt install libsystemd-dev golang-go
$ vi ~/.bashrc

Add the following lines:

export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Open a new shell. (or ‘. ~/.bashrc’)

$ go get github.com/mheese/journalbeat

Installation

Once retrieved, move files to production locations (including other computers)

sudo cp ~/go/bin/journalbeat /bin/
sudo mkdir -p /etc/journalbeat/ && sudo cp ~/go/src/github.com/mheese/journalbeat/etc/journalbeat.yml /etc/journalbeat/

Adjust journalbeat.yml as needed

sudo vi /etc/journalbeat/journalbeat.yml

Create systemd unit file

sudo vi /lib/systemd/system/journalbeat.service

[Unit]
Description=JournalBeat service

[Service]
ExecStart=/bin/journalbeat -c /etc/journalbeat/journalbeat.yml
StandardOutput=null

[Install]
WantedBy=multi-user.target
Alias=journalbeat.service

Test service

sudo systemctl start journalbeat

sudo systemctl status journalbeat

If everything looks good

sudo systemctl enable journalbeat