Logstash collecting syslog logs
Note: in production, collect logs with syslog!!!
Write the Logstash configuration file
First I test the data with the rubydebug codec:

```
[root@elk-node1 conf.d]# cat syslog.conf
input {
  syslog {
    type => "system-syslog"
    host => "192.168.247.135"
    port => "514"
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
```

Check the syntax:

```
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf --configtest
Configuration OK
You have new mail in /var/spool/mail/root
[root@elk-node1 ~]# ss -lntp|grep 514
LISTEN     0      50     ::ffff:192.168.247.135:514    :::*    users:(("java",pid=9605,fd=14))
```

Modify the rsyslog configuration so it forwards everything to Logstash (`@@` sends over TCP, a single `@` would use UDP):

```
[root@elk-node1 ~]# vim /etc/rsyslog.conf
*.* @@192.168.247.135:514
[root@elk-node1 ~]# systemctl restart rsyslog
[root@elk-node1 ~]#
```

Run the test:

```
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/syslog.conf
Settings: Default filter workers: 1
Logstash startup completed
{
       "message" => "Registered Authentication Agent for unix-process:9680:2638370 (system bus name :1.490 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)\n",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:08:58.000Z",
          "type" => "system-syslog",
          "host" => "192.168.247.135",
      "priority" => 85,
     "timestamp" => "Jul 15 18:08:58",
     "logsource" => "elk-node1",
       "program" => "polkitd",
           "pid" => "686",
      "severity" => 5,
      "facility" => 10,
"facility_label" => "security/authorization",
"severity_label" => "Notice"
}
```

Add the syslog input to the elk_log.conf file:

```
[root@elk-node1 conf.d]# cat elk_log.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
  file {
    path => "/var/log/elasticsearch/hejianlai.log"
    type => "es-error"
    start_position => "beginning"
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
  file {
    path => "/var/log/nginx/access_json.log"
    codec => json
    start_position => "beginning"
    type => "nginx-log"
  }
  syslog {
    type => "system-syslog"
    host => "192.168.247.135"
    port => "514"
  }
}
output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["192.168.247.135:9200"]
      index => "systemlog-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "es-error" {
    elasticsearch {
      hosts => ["192.168.247.135:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "nginx-log" {
    elasticsearch {
      hosts => ["192.168.247.135:9200"]
      index => "nginx-log-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "system-syslog" {
    elasticsearch {
      hosts => ["192.168.247.135:9200"]
      index => "system-syslog-log-%{+YYYY.MM.dd}"
    }
  }
}
```

Check the syntax:

```
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf --configtest
Configuration OK
```

Kill the old Logstash process and run the new configuration in the background:

```
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'|xargs kill -9
kill: sending signal to 9780 failed: No such process
You have new mail in /var/spool/mail/root
[root@elk-node1 conf.d]# ps aux|grep elk|awk '{print $2}'
9785
[1]+  Killed                  /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf  (wd: ~)
(wd now: /etc/logstash/conf.d)
[root@elk-node1 conf.d]# ps aux|grep elk
root      9788  0.0  0.0 112704   972 pts/0    R+   18:18   0:00 grep --color=auto elk
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf &
[1] 9789
```

Manually add some log entries:

```
[root@elk-node1 conf.d]# logger "you hao"
[root@elk-node1 conf.d]# logger "hello world"
[root@elk-node1 conf.d]# logger "跟我一起学猫叫,一起喵喵喵"
```
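As an added example (not code from the original post), here is a small Python parser that decodes an RFC 3164 line the way the Logstash syslog input did above: the `<85>` PRI splits into facility 10 (security/authorization) and severity 5 (Notice), and the builder produces the newline-framed line that `*.* @@192.168.247.135:514` puts on the TCP wire. The sample line is constructed from the polkitd event in the rubydebug output, and the regex is a simplified stand-in for Logstash's grok pattern, not Logstash's own code.

```python
"""Parse/build RFC 3164 syslog lines as the Logstash syslog input decodes them.
Added example, not from the original post; the sample is constructed."""
import re

# Facility/severity labels as Logstash's syslog input assigns them (RFC 3164 codes)
FACILITY_LABELS = ["kernel", "user-level", "mail", "system", "security/authorization",
                   "syslogd", "line printer", "network news", "UUCP", "clock",
                   "security/authorization", "FTP", "NTP", "log audit", "log alert",
                   "clock"] + ["local%d" % i for i in range(8)]
SEVERITY_LABELS = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice",
                   "Informational", "Debug"]

# Simplified form of Logstash's grok pattern: <PRI>TIMESTAMP HOST PROG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$", re.S)

def parse_rfc3164(line):
    """Return the fields Logstash emits for one syslog line, or raise ValueError."""
    m = RFC3164.match(line.rstrip("\n"))   # rsyslog's @@ (TCP) framing appends "\n"
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % line)
    pri = int(m["pri"])
    if pri > 191:                           # 24 facilities * 8 severities - 1
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)     # PRI = facility * 8 + severity
    return {
        "priority": pri, "facility": facility, "severity": severity,
        "facility_label": FACILITY_LABELS[facility],
        "severity_label": SEVERITY_LABELS[severity],
        "timestamp": m["ts"], "logsource": m["host"],
        "program": m["prog"], "pid": m["pid"], "message": m["msg"],
    }

def build_rfc3164(facility, severity, timestamp, host, program, message, pid=None):
    """Build the line rsyslog forwards for '*.* @@host:514' (newline-framed TCP).
    logger(1) defaults to user.notice, i.e. facility 1, severity 5, PRI 13."""
    tag = program if pid is None else "%s[%s]" % (program, pid)
    return "<%d>%s %s %s: %s\n" % (facility * 8 + severity, timestamp, host, tag, message)

# Constructed sample: the polkitd event from the post, as rsyslog puts it on the wire
SAMPLE = ("<85>Jul 15 18:08:58 elk-node1 polkitd[686]: Registered Authentication Agent "
          "for unix-process:9680:2638370 (system bus name :1.490 "
          "[/usr/bin/pkttyagent --notify-fd 5 --fallback], object path "
          "/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)\n")

if __name__ == "__main__":
    for key, value in parse_rfc3164(SAMPLE).items():
        print("%-15s %s" % (key, value))
```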
Kibana setup
In the elasticsearch-head plugin we can see the system-syslog index.
Add the system-syslog index in Kibana.
Perfect.
Reposted from: https://www.cnblogs.com/Dev0ps/p/9314481.html