cd /opt
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.2.tar.gz
tar -zxvf logstash-6.5.2.tar.gz
mv logstash-6.5.2 logstash
cd /opt/logstash/config
cp logstash-sample.conf syslog.conf
vi syslog.conf
正确输出如下:
Sending Logstash logs to /opt/software/logstash/logs which is now configured via log4j2.properties
[2018-11-23T09:28:36,184][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2018-11-23T09:28:38,630][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
--config.test_and_exit 指定检测完之后就退出,不然就会直接启动了
# 配置服务器的ip以及配置的监听端口
vim /etc/rsyslog.conf
# 增加自己的服务器IP
#### RULES ####
*.* @@xxx.xxx.xxx.xxx:10514
ps. 上面xxx.xxx.xxx.xxx需要替换成自己服务器的IP地址