logstash收集TCP端口日志


logstash收集TCP端口日志
官方地址:https://www.elastic.co/guide/en/logstash-versioned-plugins/current/index.html

編寫logstash文件

[root@elk-node1 conf.d]# cat tcp.conf
# Logstash pipeline: read raw lines from a TCP socket and print each event to stdout.
input{
    # One event per line received on this socket; the sender's address and
    # source port show up as the "host"/"port" fields of each event.
    # NOTE(review): no TLS or client authentication is configured here, so any
    # host that can reach 192.168.247.135:8888 can inject events — confirm the
    # port is restricted to trusted senders.
    tcp{
    host => "192.168.247.135"
    port => "8888"
    }    
}
output{
    # rubydebug pretty-prints every event; used here only to verify the input.
    stdout{
    codec => "rubydebug"
        }
}
#運行
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf
#另開一個窗口用nc發送請求
[root@elk-node1 ~]# yum install -y nc
[root@elk-node1 ~]# nc 192.168.247.135 8888 < /etc/passwd
[root@elk-node1 ~]# echo "hehehe" > /dev/tcp/192.168.247.135/8888
#再看第一個窗口就有數據了
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf
Settings: Default filter workers: 1
Logstash startup completed
{
       "message" => "root:x:0:0:root:/root:/bin/bash",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:54:41.404Z",
          "host" => "192.168.247.135",
          "port" => 54202
}
{
       "message" => "bin:x:1:1:bin:/bin:/sbin/nologin",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:54:41.407Z",
          "host" => "192.168.247.135",
          "port" => 54202
}
{
       "message" => "daemon:x:2:2:daemon:/sbin:/sbin/nologin",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:54:41.407Z",
          "host" => "192.168.247.135",
          "port" => 54202
}
{
       "message" => "adm:x:3:4:adm:/var/adm:/sbin/nologin",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:54:41.407Z",
          "host" => "192.168.247.135",
          "port" => 54202
}
{
       "message" => "hehehe",
      "@version" => "1",
    "@timestamp" => "2018-07-15T10:59:41.301Z",
          "host" => "192.168.247.135",
          "port" => 55156
}
#修改下寫入es里
[root@elk-node1 conf.d]# cat tcp.conf
# Logstash pipeline: tag events from the TCP socket with type "tcp" and index
# them into Elasticsearch instead of printing them.
input{
    # NOTE(review): no TLS or client authentication is configured here, so any
    # host that can reach 192.168.247.135:8888 can inject events — confirm the
    # port is restricted to trusted senders.
    tcp{
    host => "192.168.247.135"
    port => "8888"
    # "type" is what the output block below matches on.
    type => "tcp"
    }    
}
output{
    if [type] == "tcp"{
        # One index per day, e.g. tcp-log-2018.07.15 (date taken from @timestamp).
        # NOTE(review): plain HTTP with no credentials shown; 9200 should not be
        # reachable from untrusted networks.
        elasticsearch {
           hosts => ["192.168.247.135:9200"]
           index => "tcp-log-%{+YYYY.MM.dd}"
        }
    }

}
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf --configtest
Configuration OK
#放入后台運行
[root@elk-node1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf &
#轉點數據過去
[root@elk-node1 ~]# nc 192.168.247.135 8888 < /etc/passwd

 Kibana配置

es的head插件已經有了tcp-log的索引

數據瀏覽

kibana添加tcp-log索引

 

 







