1.部署
# Download the Logstash 5.2.2 RPM into the local source directory.
# NOTE(review): 5.2.2 is an old 5.x release; check whether it still receives
# security fixes before using it outside a lab.
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm
# sha1sum only prints the digest; nothing here compares it with a reference.
# Check the printed value against the checksum the vendor publishes for this
# file before installing. For stronger assurance, import the vendor's package
# signing key and run `rpm --checksig` on the file as well.
sha1sum logstash-5.2.2.rpm
# The rpm install needs to read /usr/bin/java, so symlink the java binary from
# the JDK directory we normally use into /usr/bin.
ln -s /usr/local/jdk1.8.0_151/bin/java /usr/bin/
rpm --install logstash-5.2.2.rpm
2.寫一個簡易的配置文件收集一下messages和secure日誌
# This pipeline file can live under /etc/logstash/conf.d/; name the *.conf file
# to suit your setup.
#
# Read the general syslog file and the authentication log.
# NOTE(review): /var/log/secure is usually readable by root only. Confirm the
# account Logstash runs as can read it, and grant that access narrowly (for
# example an ACL on that one file) rather than running the pipeline as root.
input {
  file {
    # Only affects files with no recorded read position yet: those are read
    # from the first line instead of from the end.
    start_position => "beginning"
    path => [ "/var/log/messages","/var/log/secure" ]
  }
}
# Tag each event with a type derived from the file it was read from, so the
# output stage can route it to the matching index.
filter {
  if [path] == "/var/log/messages" {
    mutate {
      replace => { "type" => "messages_type" }
    }
  } else if [path] == "/var/log/secure" {
    mutate {
      replace => { "type" => "secure_type" }
    }
  }
}
# Route events to a per-type daily index and echo them for debugging.
#
# NOTE(review): neither elasticsearch block sets credentials or TLS, so as
# written (assuming plugin defaults) the authentication records from
# /var/log/secure are sent to 11.0.0.51:9200 unencrypted and unauthenticated.
# The plugin has `user`, `password`, `ssl` and `cacert` options for a cluster
# that enforces them; at minimum keep port 9200 unreachable from untrusted
# networks.
# NOTE(review): 11.0.0.0/8 is not RFC 1918 private address space; presumably
# this is a lab address. Confirm the route stays internal.
output {
  # Unconditional: every event, including auth log lines, is also printed to
  # Logstash's standard output. Useful while testing; drop it once the
  # pipeline works so the data is not duplicated into another log.
  stdout {
    codec => rubydebug
  }

  if [type] == "messages_type" {
    elasticsearch {
      index => "messages-%{+YYYY.MM.dd}"
      hosts => "11.0.0.51:9200"
    }
  } else if [type] == "secure_type" {
    elasticsearch {
      index => "secure-%{+YYYY.MM.dd}"
      hosts => "11.0.0.51:9200"
    }
  }
}