yum:
# Terminal transcript: install Logstash 2.4 on ELK-node2 from the vendor yum repository.
[root@ELK-node2 elasticsearch]# cd /etc/yum.repos.d/
# Import the repository signing key so that gpgcheck=1 below can verify package
# signatures. Trust in the key rests on this HTTPS fetch alone; compare the
# imported key's fingerprint with the one the publisher documents before relying on it.
[root@ELK-node2 yum.repos.d]# rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
[root@ELK-node2 yum.repos.d]# vim logstash.repo
[root@ELK-node2 yum.repos.d]# cat logstash.repo
[logstash-2.4]
name=Logstash repository for 2.4.x packages
baseurl=https://packages.elastic.co/logstash/2.4/centos
# gpgcheck=1 makes yum verify each package signature against the key named in gpgkey.
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
[root@ELK-node2 yum.repos.d]# yum install logstash
|
编译:
# Terminal transcript: install Logstash 2.4.0 from the release tarball on ELK-node1,
# smoke-test it with stdin/stdout pipelines, then show the /etc/logstash.conf variants
# used on node1 (shipper) and node2 (indexer).

# The tarball is unpacked right after download; no checksum or signature check appears
# in this transcript. Verify the archive against the publisher's checksum before "tar zxf".
[root@ELK-node1 tools]# wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
[root@ELK-node1 tools]# tar zxf logstash-2.4.0.tar.gz
[root@ELK-node1 tools]# mv logstash-2.4.0 /byrd/service/
[root@ELK-node1 tools]# ln -s /byrd/service/logstash-2.4.0 /usr/local/logstash
# Every command here runs from a root shell, so Logstash itself runs as root in these
# tests. For a long-running service, a dedicated unprivileged account with read access
# to the log files is the least-privilege choice.
[root@ELK-node1 ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'
heabc
Settings: Default pipeline workers: 4
Pipeline main started
2016-09-25T07:51:48.961Z ELK-node1.log.t4x.org heabc
[root@ELK-node1 ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'
hello,world
Settings: Default pipeline workers: 4
Pipeline main started
{
       "message" => "hello,world",
      "@version" => "1",
    "@timestamp" => "2016-09-25T07:49:43.812Z",
          "host" => "ELK-node1.log.t4x.org"
}
Pipeline main has been shutdown
stopping pipeline {:id=>"main"}

# Variant 1 (node1): ship /var/log/messages straight to Elasticsearch.
[root@ELK-node1 ~]# cat /etc/logstash.conf
input {
    file {
        path => "/var/log/messages"
    }
}
output {
    # No ssl, user or password option is set on this output, so as configured the
    # events travel to 1.1.1.117:9200 unencrypted and unauthenticated. Restrict
    # port 9200 to the Logstash hosts at the network layer.
    elasticsearch {
        hosts => [ "1.1.1.117:9200" ]
        index => "messages-%{+YYYY.MM.dd}"
    }
}

# Variant 2 (node1): ship /var/log/messages into a Redis list used as a queue.
[root@ELK-node1 ~]# cat /etc/logstash.conf
input {
    file {
        path => "/var/log/messages"
    }
}
output {
    redis {
        data_type => "list"
        key => "system-messages"
        host => "1.1.1.120"
        # The Redis password is stored in clear text in this file and is a short,
        # guessable value. Use a long random secret and keep /etc/logstash.conf
        # readable only by the account that runs Logstash. No TLS setting appears
        # here, so the password presumably crosses the network unencrypted.
        password => "abc123"
        port => "6379"
        db => "1"
    }
}

# Variant 2 (node2): drain the same Redis list and index the events into Elasticsearch.
# key, db and password must match the shipper side, so the same secret is copied
# onto both hosts.
[root@ELK-node2 init.d]# cat /etc/logstash.conf
input {
    redis {
        data_type => "list"
        key => "system-messages"
        host => "1.1.1.120"
        password => "abc123"
        port => "6379"
        db => "1"
    }
}
output {
    elasticsearch {
        hosts => [ "1.1.1.117:9200" ]
        index => "sys-messages-%{+YYYY.MM.dd}"
    }
}

# Variant 3 (node1): ship the JSON-formatted nginx access log through Redis db 2.
[root@ELK-node1 tools]# cat /etc/logstash.conf
input {
    file {
        path => "/var/log/nginx/access.log"
        # The json codec depends on nginx writing well-formed JSON lines; request
        # fields come from clients, so expect some lines that do not parse.
        codec => "json"
    }
}
output {
    redis {
        data_type => "list"
        key => "nginx-access-log"
        host => "1.1.1.120"
        password => "abc123"
        port => "6379"
        db => "2"
    }
}

# Variant 3 (node2): drain the nginx list and index it into a daily index.
[root@ELK-node2 ~]# cat /etc/logstash.conf
input {
    redis {
        data_type => "list"
        key => "nginx-access-log"
        host => "1.1.1.120"
        password => "abc123"
        port => "6379"
        db => "2"
    }
}
output {
    elasticsearch {
        hosts => [ "1.1.1.117:9200" ]
        index => "nginx-access-log-%{+YYYY.MM.dd}"
    }
}
|
# Access-log format that writes one JSON object per request, for the Logstash
# file input with codec => "json".
#
# $request, $http_referer, $http_user_agent and $http_x_forwarded_for are supplied
# by the client. With nginx's default log escaping, a '"' or '\' in them is written
# as \xXX, which is not a valid JSON escape, so such a line fails JSON parsing
# downstream. nginx 1.11.8 and later accept "escape=json" after the format name
# to emit valid JSON escapes instead.
# x_forwarded is an unverified request header; do not treat it as the real client
# address unless a trusted proxy sets it.
log_format logstash_json '{ "@timestamp": "$time_iso8601", '
                         '"remote_addr": "$remote_addr", '
                         '"referer": "$http_referer", '
                         '"request": "$request", '
                         '"status": $status, '
                         '"bytes":$body_bytes_sent, '
                         '"agent": "$http_user_agent", '
                         '"x_forwarded": "$http_x_forwarded_for", '
                         '"upstr_addr": "$upstream_addr",'
                         '"upstr_host": "$upstream_http_host",'
                         '"ups_resp_time": "$upstream_response_time" }';

# Write the access log in the JSON format defined above.
access_log /var/log/nginx/access.log logstash_json;
|