8. Collecting syslog with Logstash


vim syslog.conf
input {
  syslog {
    type => "system-syslog"
    host => "192.168.56.11"
    port => "514"
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
/opt/logstash/bin/logstash -f syslog.conf
 
This input block opens port 514 on my local host 192.168.56.11 and listens on it.
 
vim /etc/rsyslog.conf
Append as the last line:
*.* @@192.168.56.11:514
This line forwards every system log message handled by the rsyslog process on my local host to port 514 on 192.168.56.11, where it is received.
systemctl restart rsyslog
 
 
 
Add it to all.conf
vim logstash_nginx.conf
input {
  syslog {
    type => "system-syslog"
    host => "192.168.56.11"
    port => "514"
  }
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
  file {
    path => "/var/log/nginx/access_json.log"
    codec => "json"
    start_position => "beginning"
    type => "nginx-log"
  }
  file {
    path => "/var/log/elasticsearch/kye.log"
    type => "es-error"
    start_position => "beginning"
    codec => multiline {
      pattern => "^\["
      negate => "true"
      what => "previous"
    }
  }
}
output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["192.168.56.11:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "es-error" {
    elasticsearch {
      hosts => ["192.168.56.11:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "nginx-log" {
    elasticsearch {
      hosts => ["192.168.56.11:9200"]
      index => "nginx-log-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "system-syslog" {
    elasticsearch {
      hosts => ["192.168.56.11:9200"]
      index => "system-syslog-%{+YYYY.MM.dd}"
    }
  }
}

/opt/logstash/bin/logstash -f all.conf
I wrote a few "hehe" entries into the system log by hand
and the "hehe" entries show up in Kibana
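The forwarding rule above sends every rsyslog-managed message to 192.168.56.11:514 over TCP (the double `@@` selects TCP; a single `@` would be UDP), and all.conf then chooses an Elasticsearch index by comparing `[type]` string for string. The Python script below is an added example, not code from the original post or from Logstash itself: it builds a message in rsyslog's default forward format, decodes it into the same fields Logstash's syslog input produces (priority, facility, severity, logsource, program, pid, message), and pushes it through the all.conf conditionals. It shows why the type string in an output conditional must match the input's type exactly: an event whose type matches no conditional (for example the easy misspelling `system-sysylog`) is emitted nowhere, with no error logged, so the logs silently disappear. The host name `web01`, the sample "hehe" message, the timestamp and the facility/severity keyword tables are constructed assumptions.

```python
import re
from datetime import datetime

# rsyslog's default forward format (RSYSLOG_TraditionalForwardFormat), which is
# what `*.* @@host:514` sends: <PRI>Mmm dd HH:MM:SS HOSTNAME TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<logsource>\S+) "
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<message>.*)$"
)

# rsyslog-style facility and severity keywords, indexed by their numeric code
# (constructed tables; Logstash's own labels are spelt slightly differently).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_syslog_line(facility, severity, host, program, message, pid=None, when=None):
    """Encode a message the way rsyslog forwards it: PRI = facility * 8 + severity."""
    when = when or datetime.now()
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    tag = f"{program}[{pid}]" if pid is not None else program
    # The day of month is space-padded to two characters ("Jan  5"), as in RFC 3164.
    return f"<{pri}>{when:%b} {when.day:2d} {when:%H:%M:%S} {host} {tag}: {message}"


def parse_syslog_line(line, event_type="system-syslog"):
    """Decode one received line into the fields the Logstash syslog input produces.

    A line that does not match is kept rather than dropped and is tagged, mirroring
    the _grokparsefailure_sysloginput tag the real input adds.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return {"type": event_type, "message": line,
                "tags": ["_grokparsefailure_sysloginput"]}
    pri = int(m["pri"])
    facility, severity = divmod(pri, 8)
    return {
        "type": event_type,
        "priority": pri,
        "facility": facility,
        "facility_label": FACILITIES[facility] if facility < len(FACILITIES) else "unknown",
        "severity": severity,
        "severity_label": SEVERITIES[severity],
        "timestamp": m["timestamp"],
        "logsource": m["logsource"],
        "program": m["program"],
        "pid": m["pid"],
        "message": m["message"],
    }


# The output section of all.conf as one table: each `if [type] == "..."` block
# selects an index pattern. ROUTES_AS_WRITTEN keeps the misspelt "system-sysylog".
ROUTES_AS_WRITTEN = {
    "system": "system-%{+YYYY.MM.dd}",
    "es-error": "es-error-%{+YYYY.MM.dd}",
    "nginx-log": "nginx-log-%{+YYYY.MM.dd}",
    "system-sysylog": "system-syslog-%{+YYYY.MM.dd}",
}
ROUTES_FIXED = dict(ROUTES_AS_WRITTEN)
ROUTES_FIXED["system-syslog"] = ROUTES_FIXED.pop("system-sysylog")


def route(event, routes, day):
    """Return the Elasticsearch index the event is written to, or None when no
    conditional matches; Logstash then emits the event nowhere and reports nothing."""
    pattern = routes.get(event["type"])
    if pattern is None:
        return None
    return pattern.replace("%{+YYYY.MM.dd}", day.strftime("%Y.%m.%d"))


def demo():
    """Constructed sample: the "hehe" test entry written on the sender, as forwarded."""
    when = datetime(2018, 1, 5, 10, 20, 30)
    line = build_syslog_line("user", "notice", "web01", "root", "hehe", pid=1234, when=when)
    event = parse_syslog_line(line)
    return {"line": line, "event": event,
            "as_written": route(event, ROUTES_AS_WRITTEN, when),
            "fixed": route(event, ROUTES_FIXED, when)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to see the encoded line, the decoded fields, and the two routing results side by side: with the misspelt conditional the event's index is None (the event is lost), with the corrected one it lands in system-syslog-2018.01.05. The parse-failure branch matters operationally too: a sender that forwards in a different template still gets its events indexed (tagged) instead of dropped, so a sudden rise in `_grokparsefailure_sysloginput` tags is the signal to look at.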
 