如何部署与交换机集成的Logstash?

Elastic Stack

1 基础知识

一个问题,一篇文章,一出故事。
笔者最近需要配置接收交换机日志的Logstash管道,于是整理此章节。

2 最佳实践

2.1 环境信息

如果有需要,请熟悉包含Elastersearch和基本Logstash环境配置,

如何部署带安全认证的Logstash?

2.2 安装logstash

2.2.1 创建管道配置文件

cat /etc/logstash/logstash-sample.conf > /etc/logstash/conf.d/network.cmdschool.org.conf 
vim /etc/logstash/conf.d/network.cmdschool.org.conf

如果管道配置文件需要定义正确否则服务无法正常运行,配置修改如下,

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  syslog {
        port => 5050
        type => "5050"
  }
}

output {
  if [type] == "5050" {
    elasticsearch {
      hosts => ["http://azelasticsearch01:9200", "http://azelasticsearch02:9200", "http://azelasticsearch03:9200", "http://azelasticsearch04:9200", "http://azelasticsearch04:9200"]
      index => "network-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "elasticpwd"
    }
  }
}

配置创建后,你可以使用如下命令测试配置,

/usr/share/logstash/bin/logstash --config.test_and_exit --path.settings /etc/logstash -f /etc/logstash/conf.d/network.cmdschool.org.conf

重启服务使配置生效,

systemctl restart logstash.service

此时,服务可以正常运行,可使用如下命令查看管道的倾听端口,

for i in `pgrep -u logstash java`; do netstat -anp | grep $i; done

可见如下显示,

#...         
tcp6       0      0 :::5050                 :::*                    LISTEN      47990/java                
udp        0      0 0.0.0.0:5050            0.0.0.0:*                           47990/java             
#...

2.2.2 开放管道服务端口

firewall-cmd --permanent --add-port 5050/tcp --add-port 5050/udp
firewall-cmd --reload
firewall-cmd --list-all

2.2.3 交换机的设置

logging trap notifications
logging source-interface Loopback0
logging host azlogstash.cmdschool.org transport tcp port 5050

另外,如果想使用UDP协议上传,请使用如下配置,

logging trap notifications
logging source-interface Loopback0
logging host azlogstash.cmdschool.org transport udp port 5050

参阅文档
=====================

软件的简介
————-
https://www.elastic.co/guide/en/logstash/current/introduction.html
https://www.elastic.co/cn/logstash
https://www.elastic.co/cn/webinars/getting-started-logstash

软件的下载
————-
https://www.elastic.co/cn/downloads/logstash

软件的安装
————-
https://www.elastic.co/guide/en/logstash/current/installing-logstash.html

logstash配置文件
—————
https://www.elastic.co/guide/en/logstash/current/config-setting-files.html

创建管道配置文件
—————–
https://www.elastic.co/guide/en/logstash/current/configuration.html

安全认证配置
—————–
https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html
https://discuss.elastic.co/t/how-to-setup-filebeat-with-basic-auth-for-logstash-output/36937/16
https://www.elastic.co/guide/en/logstash/8.14/ls-security.html
https://stackoverflow.com/questions/61016614/logstash-http-input-with-multiple-basic-auth-users

参数定义
——————–
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html#plugins-inputs-syslog-port

没有评论

发表回复

Bash
如何用Tigase监控Elasticsearch集群?

1 前言 一个问题,一篇文章,一出故事。 笔者生产中有一套Elasticsearch集群,笔者为了能 …

Bash
如何用Base Shell获取ES集群状态?

1 前言 一个问题,一篇文章,一出故事。 笔者想要通过Base Shell获取Elasticsear …

Elastic Stack
如何获取Elasticsearch整体资源情况?

1 前言 一个问题,一篇文章,一出故事。 笔者想要整理获取ELK(Elasticsearch、Log …