ELK收集网络日志配置
代理filebeat配置文件:

logstash配置文件:
input {
  kafka {
    # Topic and broker that the Filebeat agents publish to.
    topics            => ["FH-UMP-PORTAL1-NCOLOG"]
    bootstrap_servers => "FH-UMP-ELK-VIP:9092"
    # Every Kafka record is decoded as one JSON document.
    codec             => json
    # NOTE(review): no security_protocol or SASL option is set, so the
    # consumer uses the plugin default (PLAINTEXT). Network-device logs can
    # carry addresses and account names; confirm the broker is reachable only
    # from a trusted segment, or enable TLS/SASL on both ends.
  }
}
filter {
  # Flatten the Filebeat envelope: keep the shipper name and the log path,
  # drop the remaining metadata.
  mutate {
    rename       => { "source" => "logpath" }
    # add_field and remove_field are common options applied after the mutate
    # succeeds, add before remove, so "hostname" is copied from [beat][name]
    # before the "beat" object is deleted.
    add_field    => { "hostname" => "%{[beat][name]}" }
    remove_field => ["beat", "offset", "version", "IP"]
  }

  # Split the raw line into: time, client_id_address, name, info.
  # DATA is lazy, so "time" receives everything before the first IPv4 address.
  # The pattern is not anchored; lines that do not match are tagged
  # _grokparsefailure (plugin default) and still continue to the output.
  # NOTE(review): "info" is taken verbatim from the device and should be
  # treated as untrusted text by anything that renders it.
  grok {
    match => {
      "message" => "%{DATA:time}%{IPV4:client_id_address}\s+%{WORD:name}:\s+(?<info>.*)"
    }
  }
}
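output {
  # Index an event only when its message mentions none of the four FH-UMP-*
  # host names below.
  #
  # The tests were originally joined with "or". That expression is true unless
  # one message contains all four names at once, so in practice nothing was
  # excluded. Joining them with "and" excludes an event as soon as any one of
  # the names appears, which is presumably the intent - confirm before rollout,
  # because events that used to be indexed will now be dropped here.
  #
  # The condition is kept on a single line; the published listing had it
  # wrapped in the middle of "[message]", which Logstash cannot parse.
  if "FH-UMP-PORTAL1" not in [message] and "FH-UMP-PORTAL2" not in [message] and "FH-UMP-ZABBIX1" not in [message] and "FH-UMP-ZABBIX2" not in [message] {
    elasticsearch {
      hosts => ["FH-UMP-ELK-VIP:9200"]
      # One index per day.
      index => "网络设备日志-wlsbrz-%{+YYYY.MM.dd}"
      codec => json
      # NOTE(review): no user/password and no TLS settings are configured, and
      # a host given without a scheme is contacted over plain HTTP. Confirm the
      # cluster enforces authentication and that port 9200 is not reachable
      # from untrusted networks.
    }
  }
}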
 
                    
                     
                    
                 
                    
                
 
                
            
         