阿里云搭建logsatsh+filebeat
部署logstash配置
logstash配置loaf文件启动
input {
# 从文件读取日志信息 输送到控制台
beats {
port => “5044”
}
#file {
# path => “/tools/tomcat/apache-tomcat-8.5.46/bin/log/sys.log”
#codec => “json” ## 以JSON格式读取日志
# type => “elasticsearch”
# start_position => “beginning”
#}
}
output {
# 标准输出
# stdout {}
# 输出进行格式化,采用Ruby库来解析日志
stdout { codec => rubydebug }
}
logstash启动
1.默认配置了5044端口,使用阿里云服务器需添加安全组规则,开启对应端口
进入bin目录,启动命令:
./logstash -f …/config/XX.conf
部署filebeat配置
filebeat配置
1.配置filebeat.yml,配置input输入,修改paths为目录提取源路径
// An highlighted block
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /tools/tomcat/apache-tomcat-8.5.46/bin/log/sys.log
#- c:\programdata\elasticsearch\logs\*
# Exclude lines. A list of regular expressions to match. It drops the lines that are
# matching any regular expression from the list.
#exclude_lines: ['^DBG']
2.filebeat默认传输到elasticsearch,所以需要注释掉这一部分代码
下面展示一些 内联代码片
。
#==================== Elasticsearch template setting ==========================
#setup.template.settings:
# index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
3.输出项有几种输出方式,同样需要注释掉elasticsearch部分代码
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["logstash服务器ip:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
filebeat启动
1.进入bin目录,启动命令:
nohup ./filebeat -e -c filebeat.yml &