How to deploy Logstash integrated with switches?
- By : Will
- Category : Elastic Stack

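1 Background
One problem, one article, one story.
The author recently needed to configure a Logstash pipeline that receives switch logs, hence this write-up.
2 Best practices
2.1 Environment information
If needed, first get familiar with the Elasticsearch and basic Logstash environment setup.
2.2 Install Logstash
2.2.1 Create the pipeline configuration file

    cat /etc/logstash/logstash-sample.conf > /etc/logstash/conf.d/network.cmdschool.org.conf
    vim /etc/logstash/conf.d/network.cmdschool.org.conf

The pipeline configuration file must be defined correctly, otherwise the service cannot run properly. Modify the configuration as follows: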

    # Logstash configuration for a simple
    # syslog -> Logstash -> Elasticsearch pipeline.
    input {
      syslog {
        port => 5050
        type => "5050"
      }
    }
    output {
      if [type] == "5050" {
        elasticsearch {
          hosts => ["http://azelasticsearch01:9200", "http://azelasticsearch02:9200", "http://azelasticsearch03:9200", "http://azelasticsearch04:9200", "http://azelasticsearch04:9200"]
          index => "network-%{+YYYY.MM.dd}"
          user => "elastic"
          # Plaintext password; the Logstash keystore can hold it instead.
          password => "elasticpwd"
        }
      }
    }

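After creating the configuration, you can test it with the following command:

    /usr/share/logstash/bin/logstash --config.test_and_exit --path.settings /etc/logstash -f /etc/logstash/conf.d/network.cmdschool.org.conf

Restart the service to apply the configuration:

    systemctl restart logstash.service

At this point the service should be running normally. Use the following command to view the ports the pipeline is listening on:

    for i in $(pgrep -u logstash java); do netstat -anp | grep "$i"; done

The output looks like this:

    #...
    tcp6       0      0 :::5050          :::*             LISTEN      47990/java
    udp        0      0 0.0.0.0:5050     0.0.0.0:*                    47990/java
    #...
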
2.2.2 Open the pipeline service port

    firewall-cmd --permanent --add-port 5050/tcp --add-port 5050/udp
    firewall-cmd --reload
    firewall-cmd --list-all

2.2.3 Switch configuration

    logging trap notifications
    logging source-interface Loopback0
    logging host azlogstash.cmdschool.org transport tcp port 5050

Alternatively, to send logs over UDP, use the following configuration:

    logging trap notifications
    logging source-interface Loopback0
    logging host azlogstash.cmdschool.org transport udp port 5050

2.2.4 Troubleshooting

    tail -f /var/log/logstash/logstash-plain.log

Note: while watching the log above, new entries are produced whenever logs are uploaded.
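
To check the pipeline end to end without waiting for a switch event, the following added example (not part of the original article) builds an RFC 3164 message at the severity that `logging trap notifications` admits and sends it to port 5050 over TCP or UDP. The facility (local7), the hostname `sw-test` and the tag `pipeline-test` are assumptions.

```python
import socket
import sys
from datetime import datetime

# Syslog severity names as used by `logging trap <level>`; notifications = 5.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
LOCAL7 = 23  # assumed facility; the article's switch config does not set one


def trap_allows(severity, trap="notifications"):
    """A switch forwards messages at the trap level or more severe (lower number)."""
    return severity <= SEVERITY[trap]


def build_message(severity, host, tag, text, when, facility=LOCAL7):
    """Return one RFC 3164 line: <PRI>Mmm dd hh:mm:ss host tag: text."""
    if not 0 <= severity <= 7 or not 0 <= facility <= 23:
        raise ValueError("severity must be 0-7 and facility 0-23")
    if any(c in host + tag + text for c in "\r\n"):
        raise ValueError("line breaks would split the frame into several events")
    pri = facility * 8 + severity
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {text}"


def send(line, server, port=5050, proto="tcp", timeout=5.0):
    """Send one message: a single datagram over UDP, a newline-terminated line over TCP."""
    data = line.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (server, port))
    else:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(data + b"\n")


if __name__ == "__main__":
    # Usage: python3 send_test_syslog.py azlogstash.cmdschool.org [tcp|udp]
    server, proto = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else "tcp")
    sev = SEVERITY["notifications"]
    if not trap_allows(sev):
        sys.exit("severity would be filtered by the trap level")
    line = build_message(sev, "sw-test", "pipeline-test", "test message", datetime.now())
    send(line, server, 5050, proto)
    print("sent:", line)
```

A message sent this way should arrive in the day's `network-%{+YYYY.MM.dd}` index.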