logstash收集syslog日志
logstash收集syslog日志
注意:生产用syslog收集日志!!!
编写logstash配置文件
#首先我用rubydebug测试数据
[root@elk-node1 conf.d]# cat syslog.conf
input{
syslog{
type => "system-syslog"
host => "192.168.247.135"
port => "514"
}
}
output{
stdout{
codec => "rubydebug"
}
#检查语法
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf --configtest
Configuration OK
You have new mail in /var/spool/mail/root
[root@elk-node1 ~]# ss -lntp|grep 514
LISTEN 0 50 ::ffff:192.168.247.135:514 :::* users:(("java",pid=9605,fd=14))
#修改rsyslog配置文件让其能访问
[root@elk-node1 ~]# vim /etc/rsyslog.conf
*.* @@192.168.247.135:514
[root@elk-node1 ~]# systemctl restart rsyslog
[root@elk-node1 ~]#
#运行测试
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf
Settings: Default filter workers: 1
Logstash startup completed
{
"message" => "Registered Authentication Agent for unix-process:9680:2638370 (system bus name :1.490 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)\n",
"@version" => "1",
"@timestamp" => "2018-07-15T10:08:58.000Z",
"type" => "system-syslog",
"host" => "192.168.247.135",
"priority" => 85,
"timestamp" => "Jul 15 18:08:58",
"logsource" => "elk-node1",
"program" => "polkitd",
"pid" => "686",
"severity" => 5,
"facility" => 10,
"facility_label" => "security/authorization",
"severity_label" => "Notice"
}
#添加到elk-log.yml文件
[root@elk-node1 conf.d]# cat elk_log.conf
input {
file {
path => "/var/log/messages"
type => "system"
start_position => "beginning"
}
file {
path => "/var/log/elasticsearch/hejianlai.log"
type => "es-error"
start_position => "beginning"
codec => multiline {
pattern => "^\["
negate => true
what => "previous"
}
}
file {
path => "/var/log/nginx/access_json.log"
codec => json
start_position => "beginning"
type => "nginx-log"
}
syslog{
type => "system-syslog"
host => "192.168.247.135"
port => "514"
}
}
output { if [type] == "system"{
elasticsearch {
hosts => ["192.168.247.135:9200"]
index => "systemlog-%{+YYYY.MM.dd}"
}
} if [type] == "es-error"{
elasticsearch {
hosts => ["192.168.247.135:9200"]
index => "es-error-%{+YYYY.MM.dd}"
}
}
if [type] == "nginx-log"{
elasticsearch {
hosts => ["192.168.247.135:9200"]
index => "nginx-log-%{+YYYY.MM.dd}"
}
}
if [type] == "system-syslog"{
elasticsearch {
hosts => ["192.168.247.135:9200"]
index => "system-syslog-log-%{+YYYY.MM.dd}"
}
}
} #检查语法
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf --configtestConfiguration OK
#后台运行
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'|xargs kill -9
kill: sending signal to 9780 failed: No such process
You have new mail in /var/spool/mail/root
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'
9785
[1]+ Killed /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf (wd: ~)
(wd now: /etc/logstash/conf.d)
[root@elk-node1 conf.d]# ps aux|grep elk
root 9788 0.0 0.0 112704 972 pts/0 R+ 18:18 0:00 grep --color=auto elk
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf &
[1] 9789
#手动添加日志
[root@elk-node1 conf.d]# logger "you hao"
[root@elk-node1 conf.d]# logger "hello world"
[root@elk-node1 conf.d]# logger "跟我一起学猫叫,一起喵喵喵"
Kibana设置
看hand插件上我们能看到system-syslog索引
Kibana上添加system-syslog索引
完美
logstash收集syslog日志的更多相关文章
- logstash收集springboot日志
logstash收集springboot日志 maven依赖 <dependency> <groupId>net.logstash.logback</groupId> ...
- logstash收集的日志输出到elasticsearch中
logstash收集的日志输出到elasticsearch中 一.需求 二.实现步骤 1.编写pipeline文件 1.`elasticsearch`配置参数解析: 2.可能会报的一个异常 2.准备测 ...
- logstash收集rsyslog日志
(1)rsyslog配置 在192.168.1.31配置 #vim /etc/rsyslog.conf *.* @@192.168.1.32:514 //所有设备名,所有日志级别都发送到192.168 ...
- logstash收集java日志,多行合并成一行
使用codec的multiline插件实现多行匹配,这是一个可以将多行进行合并的插件,而且可以使用what指定将匹配到的行与前面的行合并还是和后面的行合并. 1.java日志收集测试 input { ...
- 构建Logstash+tomcat镜像(让logstash收集tomcat日志)
1.首先pull logstash镜像作为父镜像(logstash的Dockerfile在最下面): 2.构建my-logstash镜像,使其在docker镜像实例化时,可以使用自定义的logstas ...
- Logstash收集nginx日志之使用grok过滤插件解析日志
grok作为一个logstash的过滤插件,支持根据模式解析文本日志行,拆成字段. nginx日志的配置: log_format main '$remote_addr - $remote_user [ ...
- logstash收集Nginx日志,转换为JSON格式
Nginx日志处理为JSON格式,并放置在http区块: log_format json '{"@timestamp":"$time_iso8601",' '& ...
- logstash收集nginx日志
(1)安装nginx 1.安装nginx yum install epel-release -y yum install nginx -y 2.修改日志文件格式为json #vim /etc/ngin ...
- Logstash 收集 IIS 日志
日志样例 查看 IIS 日志配置,选择格式为 W3C(默认字段设置)保存生效. 2016-02-25 01:27:04 112.74.74.124 GET /goods/list/0/1.html - ...
随机推荐
- SOP - Validation
Table of Contents目录表1 Roles and Responsibilities related to validation与验证相关的1个角色和职责2 Introduction2引言 ...
- NPOI颜色对照表
颜色对照表:颜色 测试 Class名称 short Test颜色 Black 8 Test颜色 Brown 60 Test颜色 Olive_Green 59 Test颜色 Dark_Gr ...
- 获取window.location.href中传的值,并且转换成json数据使用
做个记录保存一下,以免以后再次用到忘记了. function locVal(){ var url=window.location.href; if (url.indexOf('?')==-1)retu ...
- tensorflow学习之(十一)将python代码写入文件
#save to file import tensorflow as tf import numpy as np ##(1)Save to file 把相关变量存储到文件中 #remember to ...
- appium selenium.common.exceptions.WebDriverException: Message: Parameters were incorrect
selenium.common.exceptions.WebDriverException: Message: Parameters were incorrect. We wanted {" ...
- spring 3.1.1 mvc HanderMapping源码
https://my.oschina.net/zhangxufeng/blog/2177464 RequestMappingHandlerMapping getMappingForMethod /** ...
- idea 中dao层自动生成接口
1.在生成接口的类上右键 2.选中要生成的接口方法 3.点击Yes 4.出现(? reference in ? file)即生成成功
- Minimum setup for Apache+AD SSO
参照: http://www.grolmsnet.de/kerbtut/ https://docs.typo3.org/typo3cms/extensions/ig_ldap_sso_auth/2.1 ...
- PYTHON进阶(4)
学习内容: 1.html简介 2.html标签 3.堡垒机 一.html简介 HTML是英文Hyper Text Mark-up Language(超文本标记语言)的缩写,他是一种制作万维网页面标准语 ...
- Python序列结构--集合
集合:元素之间不允许重复 集合属于Python无序可变序列,元素之间不允许重复 集合对象的创建与删除 直接将值赋值给变量即可创建一个集合 >>> a = {3,5}>>& ...