1、安装logstash
2、监控/home/elk/test.log文件
[root@VM-16-11-centos logstash-8.12.2]#
[root@VM-16-11-centos logstash-8.12.2]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 8500
inet 10.206.16.11 netmask 255.255.240.0 broadcast 10.206.31.255
inet6 fe80::5054:ff:fe3d:aa2c prefixlen 64 scopeid 0x20<link>
ether 52:54:00:3d:aa:2c txqueuelen 1000 (Ethernet)
RX packets 347139 bytes 450669480 (429.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 176021 bytes 15721215 (14.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 24 bytes 1200 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1200 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@VM-16-11-centos logstash-8.12.2]#
[root@VM-16-11-centos logstash-8.12.2]#
[root@VM-16-11-centos logstash-8.12.2]# cat a.conf
input {
file {
path => "/home/elk/test.log"
start_position => "beginning"
add_field => [ "[@metadata][zabbix_key]" , "key.log.error" ]
add_field => [ "[@metadata][zabbix_host]" , "pwcc" ]
}
}
output {
if [message] =~ /(error|ERROR|Failed|failed)/ {
stdout { codec => rubydebug }
zabbix {
zabbix_host => "[@metadata][zabbix_host]"
zabbix_key => "[@metadata][zabbix_key]"
zabbix_server_host => "10.206.16.3"
zabbix_server_port => "10051"
zabbix_value => "message"
}
}
}
[root@VM-16-11-centos logstash-8.12.2]#
3、有error 就告警
![]()
![]()
![]()
![]()
![]()
浙公网安备 33010602011771号