Installing and Using LogStash

1. Download the LogStash rpm package:

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.4.2.rpm

2. Install LogStash

yum install -y logstash-7.4.2.rpm

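3. Important parameters

-f   path to the configuration file
-t   test the configuration and exit
-e   run the configuration string passed directly on the command line
       stdin test:   'input { stdin { type => stdin } }'
       stdout test:  'output { stdout { codec => rubydebug } }'
/usr/share/logstash/bin/logstash -e 'input { stdin { type => stdin } } output { stdout { codec => rubydebug } }'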

4. Collecting system logs

cat /etc/logstash/conf.d/systemlog.conf
input {
  file {
    type => "messagelog-5612"
    path => "/var/log/messages"
    start_position => "beginning"
    stat_interval => "5"
  }
}

output {
   elasticsearch {
     hosts => ["192.168.56.12:9200"]
     index => "logstash-system-log-5612-%{+YYYY.MM.dd}"
  }
}

5. Check that the syntax is correct

 /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/systemlog.conf -t

6. Set the file permissions and start logstash; the collected logs can then be viewed in ES

chmod 644 /var/log/messages
systemctl start logstash
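
The -t check in step 5 only validates syntax; it does not notice a file input whose path is mistyped or whose mode bits keep other accounts from reading it. The script below is an added example, not part of the original post: it lists each input path in a pipeline config and reports whether the file exists and is readable by accounts other than its owner. The function names are hypothetical, and it assumes one quoted path per line, as in systemlog.conf.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Pre-flight check for the file inputs of a Logstash pipeline config.

# Print each value written as:  path => "..."
# Assumption: one quoted path per line; array values and globs are not handled.
conf_paths() {
  sed -n 's/^[[:space:]]*path[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Classify one path by its mode bits: missing | other-readable | restricted
path_status() {
  if [ ! -e "$1" ]; then
    echo missing
    return 0
  fi
  case "$(ls -ld "$1")" in
    ???????r*) echo other-readable ;;  # e.g. 644: any local account can read it
    *)         echo restricted ;;      # e.g. 600: the service needs group or ACL access
  esac
}

# Print "path: status" for every input path; return 1 if any path is missing.
check_conf() {
  report=$(conf_paths "$1" | while IFS= read -r p; do
    echo "$p: $(path_status "$p")"
  done)
  printf '%s\n' "$report"
  case "$report" in
    *": missing"*) return 1 ;;
  esac
  return 0
}

# Usage: sh check_inputs.sh /etc/logstash/conf.d/systemlog.conf
if [ $# -gt 0 ]; then
  check_conf "$1"
fi
```

A "restricted" result means the logstash service account needs read access through group membership or an ACL, which avoids making the log readable by every local account.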

 

posted @ 2019-11-27 12:50  Richie`