yum install java,java环境需要
关闭防火墙及selinux
结果:
https://blog.csdn.net/jeikerxiao/article/details/84403437
重命名
mv logstash-6.5.2 logstash
修改配置文件
进入配置文件目录
? cd /opt/software/logstash/config
查看配置文件
? ls
jvm.options logstash-sample.conf pipelines.yml
log4j2.properties logstash.yml startup.options
复制配置文件
? cp logstash-sample.conf syslog.conf
修改
# 定义日志源
input {
syslog {
type => "system-syslog" # 定义类型
port => 10514 # 定义监听端口
}
}
# 定义日志输出
output {
stdout {
codec => rubydebug # 将日志输出到当前的终端上显示
}
}
验证配置文件
? ./logstash --path.settings /opt/software/logstash/config/ -f /opt/software/logstash/config/syslog.conf --config.test_and_exit
1
正确输出如下:
Sending Logstash logs to /opt/software/logstash/logs which is now configured via log4j2.properties
[2018-11-23T09:28:36,184][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2018-11-23T09:28:38,630][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
看到 Configuration OK 可以知道我们的配置没有问题。
命令说明:
--path.settings 用于指定logstash的配置文件所在的目录
-f 指定需要被检测的配置文件的路径
--config.test_and_exit 指定检测完之后就退出,不然就会直接启动了
设置数据源日志输出
配置服务器的ip以及配置的监听端口
? vim /etc/rsyslog.conf
去除注释,增加自己服务器IP:
### RULES ####
*.* @@192.168.0.514:10514
重启rsyslog,让配置生效:
? systemctl restart rsyslog
1
启动Logstash
指定配置文件,启动logstash:
? cd /opt/software/logstash/bin
1
? ./logstash --path.settings /opt/software/logstash/config/ -f /opt/software/logstash/config/syslog.conf
1
打开新终端检查一下10514端口是否已被监听:
? netstat -lntp |grep 10514
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 14580/java
{
"@version" => "1",
"@timestamp" => 2018-11-23T01:44:48.000Z,
"priority" => 86,
"logsource" => "iZbp18jvb8bcz1z6pqd27",
"pid" => "14632",
"message" => "Accepted publickey for root from 113.240.229.5 port 3780 ssh2: RSA 05:4c:4d:59:0d:bd:12:a2:8c:b6:4d:96:29:78:19:43\n",
"type" => "system-syslog",
"severity_label" => "Informational",
"program" => "sshd",
"severity" => 6,
"facility" => 10,
"host" => "192.168.0.514",
"timestamp" => "Nov 23 09:44:48",
"facility_label" => "security/authorization"
}
{
"@version" => "1",
"@timestamp" => 2018-11-23T01:44:48.000Z,
"priority" => 86,
"logsource" => "iZbp18jvb8bcz1z6pqd27",
"pid" => "14632",
"message" => "pam_unix(sshd:session): session opened for user root by (uid=0)\n",
"type" => "system-syslog",
"severity_label" => "Informational",
"program" => "sshd",
"severity" => 6,
"facility" => 10,
"host" => "192.168.0.514",
"timestamp" => "Nov 23 09:44:48",
"facility_label" => "security/authorization"
}
阅读(1626) | 评论(0) | 转发(0) |