How To Install rsyslog-elasticsearch on CentOS 8

rsyslog-elasticsearch is the Elasticsearch output module for rsyslog.

Introduction

In this tutorial we learn how to install rsyslog-elasticsearch on CentOS 8.

What is rsyslog-elasticsearch

This module provides the capability for rsyslog to feed logs directly into Elasticsearch.

We can use yum or dnf to install rsyslog-elasticsearch on CentOS 8. This tutorial covers both methods, but you only need to choose one of them to install rsyslog-elasticsearch.

Install rsyslog-elasticsearch on CentOS 8 Using dnf

Update the yum database with dnf using the following command:

sudo dnf makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating the yum database, we can install rsyslog-elasticsearch using dnf by running the following command:

sudo dnf -y install rsyslog-elasticsearch

Install rsyslog-elasticsearch on CentOS 8 Using yum

Update the yum database with yum using the following command:

sudo yum makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating the yum database, we can install rsyslog-elasticsearch using yum by running the following command:

sudo yum -y install rsyslog-elasticsearch

How To Uninstall rsyslog-elasticsearch on CentOS 8

To uninstall only the rsyslog-elasticsearch package we can use the following command:

sudo dnf remove rsyslog-elasticsearch

rsyslog-elasticsearch Package Contents on CentOS 8

/usr/lib/.build-id
/usr/lib/.build-id/03
/usr/lib/.build-id/03/12576bc578bf4bba643e2e660c3596cefc327c
/usr/lib/.build-id/e4
/usr/lib/.build-id/e4/95567ce44bd26c04234c197cd129b6d9d6a06f
/usr/lib64/rsyslog/omelasticsearch.so
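
Installing the package only places omelasticsearch.so on disk; rsyslog still has to load the module and be told where to send events. The following drop-in configuration is an added example, not part of the original tutorial or the rsyslog project's own files, and ships logs over HTTPS with authentication instead of plain, unauthenticated HTTP. The file name, host name, CA path, user name, password placeholder, index name and error-file path are assumptions.

```rsyslog
# /etc/rsyslog.d/60-elasticsearch.conf   (assumed file name)

# Load the module installed by the rsyslog-elasticsearch package.
module(load="omelasticsearch")

# JSON document sent to Elasticsearch. option.json="on" escapes property
# values so that log content cannot break out of the JSON string.
template(name="es-json" type="list" option.json="on") {
  constant(value="{\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"host\":\"")     property(name="hostname")
  constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
  constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
  constant(value="\",\"program\":\"")  property(name="programname")
  constant(value="\",\"message\":\"")  property(name="msg")
  constant(value="\"}")
}

# Weak form, shown for contrast only: cleartext HTTP and no credentials,
# so log content is readable and forgeable on the network path.
# action(type="omelasticsearch" server="es.example.internal"
#        serverport="9200" template="es-json" searchIndex="syslog")

# Hardened form: TLS with CA and host-name verification, plus a
# dedicated write-only account (all values below are assumptions).
action(type="omelasticsearch"
       server="es.example.internal"
       serverport="9200"
       usehttps="on"
       tls.cacert="/etc/pki/rsyslog/es-ca.pem"
       allowunsignedcerts="off"
       skipverifyhost="off"
       uid="rsyslog_writer"
       pwd="CHANGE_ME"
       template="es-json"
       searchIndex="syslog"
       bulkmode="on"
       errorfile="/var/log/rsyslog-es-errors.log"
       queue.type="linkedlist"
       action.resumeretrycount="-1")
```

Check the syntax with sudo rsyslogd -N1 before restarting rsyslog. Because the file contains a password, keep it owned by root and not readable by other users.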

Summary

In this tutorial we learned how to install rsyslog-elasticsearch on CentOS 8 using yum and dnf.