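1. Introduction:
Collecting logs through Logstash's tcp/udp plugins is typically used to backfill log entries that are missing from Elasticsearch: the missing logs can be written directly to the Elasticsearch server through a TCP port.
2. Write the Logstash TCP collection configuration file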
[root@localhost ~]# cat /etc/logstash/conf.d/tcp.conf
input {
  tcp {
    port => "9900"
    type => "tcplog"
  }
}

output {
  elasticsearch {
    hosts => ["192.168.10.10:9200"]
    index => "logstash-tcplog-test-%{+YYYY.MM.dd}"
  }
}
[root@localhost ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf -t
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
Configuration OK
[root@localhost ~]# systemctl restart logstash.service
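3. Verification
NetCat, nc for short, is a practical, simple and reliable network tool that can read and write data over TCP or UDP, and it has many other functions as well.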
[root@Docker ~]# yum -y install nc
[root@Docker ~]# echo "test" | nc 192.168.10.172 9900
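The nc test above sends a single line; backfilling real log files means sending many records, and a record that contains its own line break would arrive as several separate events. The following is an added example, not part of the original article: a small Python sender that escapes embedded CR/LF before writing each record as one line. It assumes the tcp input splits events on newlines (its line-oriented default codec); the function names and sample records are constructed for illustration, and the demo talks to a throwaway loopback listener rather than to Logstash.

```python
import socket
import threading

def frame_records(records):
    """Return one newline-terminated UTF-8 line per non-empty record."""
    framed = []
    for rec in records:
        if not rec.strip():
            continue  # blank records carry no log data
        # Escape embedded CR/LF so one record cannot turn into several events.
        safe = rec.replace("\r", "\\r").replace("\n", "\\n")
        framed.append(safe.encode("utf-8") + b"\n")
    return framed

def send_records(host, port, records, timeout=5.0):
    """Send all records over one TCP connection; return how many were sent."""
    framed = frame_records(records)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for line in framed:
            sock.sendall(line)
    return len(framed)

def loopback_demo(records):
    """Send to a temporary listener on 127.0.0.1; return (sent, bytes received)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    srv.listen(1)
    received = bytearray()

    def accept_once():
        conn, _ = srv.accept()
        with conn:
            while chunk := conn.recv(4096):
                received.extend(chunk)

    worker = threading.Thread(target=accept_once)
    worker.start()
    sent = send_records("127.0.0.1", srv.getsockname()[1], records)
    worker.join(timeout=5)
    srv.close()
    return sent, bytes(received)

# Constructed sample records (not from the original article).
SAMPLE = [
    "2024-01-01T00:00:01Z app started",
    "",
    "2024-01-01T00:00:02Z user=alice msg=line1\nline2",
]

if __name__ == "__main__":
    print(loopback_demo(SAMPLE))
```

To send to the listener configured above, call send_records("192.168.10.172", 9900, records) with the records read from the file being backfilled.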

