preface
tcp模塊的使用場景如下: 有一台服務器A只需要收集一個日志,那么我們就可以不需要在這服務器上安裝logstash,我們通過在其他logstash上啟用tcp模塊,監聽某個端口,然后我們在這個服務器A把日志通過nc發送到logstash上即可。
tcp模塊的使用
在linux-node2上操作
我們參考官網的資料:https://www.elastic.co/guide/en/logstash/2.3/plugins-inputs-tcp.html
下面就配置下這個logstash的配置
[root@linux-node2 ~]# cat /etc/logstash/conf.d/tcp.conf
input {
tcp {
type => "tcp"
port => "6666"
mode => "server"
}
}
filter {
}
output {
stdout {
codec => rubydebug
}
}
確認配置文件無誤且6666端口未被占用,那么啟動logstash
[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf
確保監聽了6666端口
[root@linux-node2 ~]# netstat -nplt |grep 6666
tcp 0 0 :::6666 :::* LISTEN 38047/java
發送日志到logstash的6666端口
linux-node1上操作。
我們通過nc來發送日志,所以先確保nc安裝好了。
[root@linux-node1 ~]# yum -y install nc
通過nc發送日志,下面兩種方式任選一種即可:
[root@linux-node1 ~]# cat /tmp/yum_save_tx-2016-12-08-07-03_CKPSb.yumtx |nc 192.168.141.4 6666
[root@linux-node1 ~]# nc 192.168.141.4 6666 < /tmp/yum_save_tx-2016-12-08-07-11oupqpM.yumtx
也可以通過這種方式偽設備的方式發送日志:
[root@linux-node1 ~]# echo "what the fuck" >/dev/tcp/192.168.141.4/6666
我們切換到linux-node2終端上查看,確實有日志輸出了,如下所示:
[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f tcp.conf
Settings: Default pipeline workers: 2
Pipeline main started
{
"message" => "931:e004f280ad535bc891439aca30a0a889ec7c5ec7",
"@version" => "1",
"@timestamp" => "2016-12-11T03:08:00.744Z",
"host" => "192.168.141.3",
"port" => 33616,
"type" => "tcp"
}
{
"message" => "0",
"@version" => "1",
"@timestamp" => "2016-12-11T03:08:00.746Z",
"host" => "192.168.141.3",
"port" => 33616,
"type" => "tcp"
}
。。。。。