Collecting syslog logs with logstash
Published: 2019-06-09



Note: in production, collect logs over syslog!!!

Writing the logstash configuration file

# First, test the data with the rubydebug codec
[root@elk-node1 conf.d]# cat syslog.conf
input {
    syslog {
        type => "system-syslog"
        host => "192.168.247.135"
        port => "514"
    }
}
output {
    stdout {
        codec => "rubydebug"
    }
}

# Check the syntax
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf --configtest
Configuration OK

# With logstash running, the syslog input's TCP listener is up on 514
[root@elk-node1 ~]# ss -lntp|grep 514
LISTEN     0      50      ::ffff:192.168.247.135:514                     :::*                   users:(("java",pid=9605,fd=14))

# Point rsyslog at the listener. "*.*" forwards every facility and priority; "@@" means
# TCP (a single "@" would be UDP). This is plain TCP with no TLS and no authentication of
# the sender, so anything that can reach 514 can inject events: keep the port reachable
# only from the hosts that are supposed to forward to it.
[root@elk-node1 ~]# vim /etc/rsyslog.conf
*.* @@192.168.247.135:514
[root@elk-node1 ~]# systemctl restart rsyslog

# Run the test
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf
Settings: Default filter workers: 1
Logstash startup completed
{
           "message" => "Registered Authentication Agent for unix-process:9680:2638370 (system bus name :1.490 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)\n",
          "@version" => "1",
        "@timestamp" => "2018-07-15T10:08:58.000Z",
              "type" => "system-syslog",
              "host" => "192.168.247.135",
          "priority" => 85,
         "timestamp" => "Jul 15 18:08:58",
         "logsource" => "elk-node1",
           "program" => "polkitd",
               "pid" => "686",
          "severity" => 5,
          "facility" => 10,
    "facility_label" => "security/authorization",
    "severity_label" => "Notice"
}
# "host" is the address of the peer that sent the message (rsyslog on the same box here),
# while "logsource" is the hostname carried inside the syslog line. "priority" 85 is the
# <PRI> prefix of the line: facility 85/8 = 10 (security/authorization) and severity 85%8 = 5 (Notice).

# Add the same syslog input, plus a matching output, to elk_log.conf
[root@elk-node1 conf.d]# cat elk_log.conf
input {
    file {
        path => "/var/log/messages"
        type => "system"
        start_position => "beginning"
    }
    file {
        path => "/var/log/elasticsearch/hejianlai.log"
        type => "es-error"
        start_position => "beginning"
        codec => multiline {
            pattern => "^\["
            negate => true
            what => "previous"
        }
    }
    file {
        path => "/var/log/nginx/access_json.log"
        codec => json
        start_position => "beginning"
        type => "nginx-log"
    }
    syslog {
        type => "system-syslog"
        host => "192.168.247.135"
        port => "514"
    }
}
output {
    if [type] == "system" {
        elasticsearch {
            hosts => ["192.168.247.135:9200"]
            index => "systemlog-%{+YYYY.MM.dd}"
        }
    }
    if [type] == "es-error" {
        elasticsearch {
            hosts => ["192.168.247.135:9200"]
            index => "es-error-%{+YYYY.MM.dd}"
        }
    }
    if [type] == "nginx-log" {
        elasticsearch {
            hosts => ["192.168.247.135:9200"]
            index => "nginx-log-%{+YYYY.MM.dd}"
        }
    }
    if [type] == "system-syslog" {
        elasticsearch {
            hosts => ["192.168.247.135:9200"]
            index => "system-syslog-log-%{+YYYY.MM.dd}"
        }
    }
}

# Check the syntax
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf --configtest
Configuration OK

# Restart logstash in the background with the new config
# (ps aux|grep elk also matches the grep itself, which is why the first kill reports "No such process")
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'|xargs kill -9
kill: sending signal to 9780 failed: No such process
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'
9785
[1]+  Killed                  /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf  (wd: ~)
(wd now: /etc/logstash/conf.d)
[root@elk-node1 conf.d]# ps aux|grep elk
root       9788  0.0  0.0 112704   972 pts/0    R+   18:18   0:00 grep --color=auto elk
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf &
[1] 9789

# Write some test messages by hand; they travel through rsyslog to the syslog input and
# on into the system-syslog index
[root@elk-node1 conf.d]# logger "you hao"
[root@elk-node1 conf.d]# logger "hello world"
[root@elk-node1 conf.d]# logger "跟我一起学猫叫,一起喵喵喵"
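The fields logstash printed above (priority, facility, severity and their labels, logsource, program, pid) are all decoded from the RFC 3164 line that rsyslog puts on the wire. The following parser is an added example, not code from the original post or from logstash; it reproduces that decoding so you can check what a forwarder is actually sending before it reaches the listener. The label tables mirror the syslog input's default facility_labels and severity_labels. The two sample lines are constructed: the first is rebuilt from the polkitd event shown above (PRI 85), the second is the assumed wire form of `logger "you hao"` run as root (user.notice, PRI 13).

```python
import re
from dataclasses import dataclass, asdict
from typing import List, Optional

# Label tables mirror the logstash syslog input's default facility_labels and
# severity_labels; index 10 -> "security/authorization", index 5 -> "Notice"
# are exactly what the rubydebug output above shows for PRI 85.
FACILITY_LABELS = [
    "kernel", "user-level", "mail", "system", "security/authorization",
    "syslogd", "line printer", "network news", "UUCP", "clock",
    "security/authorization", "FTP", "NTP", "log audit", "log alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITY_LABELS = [
    "Emergency", "Alert", "Critical", "Error", "Warning", "Notice",
    "Informational", "Debug",
]

# RFC 3164 shape as rsyslog's traditional forwarding format emits it:
#   <PRI>TIMESTAMP HOSTNAME TAG[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<logsource>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<message>.*)$",
    re.DOTALL,
)


@dataclass
class SyslogEvent:
    priority: int
    facility: int
    severity: int
    facility_label: str
    severity_label: str
    timestamp: str
    logsource: str
    program: str
    pid: Optional[str]
    message: str


def parse_syslog_line(line: str) -> SyslogEvent:
    """Decode one RFC 3164 line into the same fields the logstash syslog input emits."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest PRI that maps onto the tables above
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return SyslogEvent(
        priority=pri,
        facility=facility,
        severity=severity,
        facility_label=FACILITY_LABELS[facility],
        severity_label=SEVERITY_LABELS[severity],
        timestamp=m.group("timestamp"),
        logsource=m.group("logsource"),
        program=m.group("program"),
        pid=m.group("pid"),
        message=m.group("message"),
    )


# Constructed sample input (not captured from the original setup). The first line is
# rebuilt from the polkitd event above; the second is the assumed wire form of
# `logger "you hao"` run as root: user.notice => PRI 1*8+5 = 13, no pid.
SAMPLE_LINES = [
    "<85>Jul 15 18:08:58 elk-node1 polkitd[686]: Registered Authentication Agent "
    "for unix-process:9680:2638370 (system bus name :1.490 [/usr/bin/pkttyagent "
    "--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/"
    "AuthenticationAgent, locale en_US.UTF-8)",
    "<13>Jul 15 18:20:01 elk-node1 root: you hao",
]


def parse_all(lines: List[str] = SAMPLE_LINES) -> List[SyslogEvent]:
    """Parse a batch of lines, e.g. the output of tcpdump/nc on the 514 listener."""
    return [parse_syslog_line(line) for line in lines]


if __name__ == "__main__":
    for event in parse_all():
        print(asdict(event))
```

Anything that does not match the pattern raises rather than being guessed at, which is the behaviour you want on a listener that accepts input from whoever can reach port 514: a line with a bogus PRI or no timestamp should be visible as a parse failure (logstash tags such events with _grokparsefailure), not silently become a normal-looking event.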


Kibana setup

In the elasticsearch head plugin we can see the system-syslog index


Add the system-syslog index pattern in Kibana


Perfect.


Reposted from: https://www.cnblogs.com/Dev0ps/p/9314481.html
