1. Download the Logstash rpm package:
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.4.2.rpm
2. Install Logstash from the rpm package
rpm -ivh logstash-7.4.2.rpm
3. Important parameters
-f path to the pipeline config file; -t test the config (syntax check only, no pipeline is started); -e run a pipeline config string given directly on the command line. Standard-input test: "input { stdin { type => stdin } }"; standard-output test: "output { stdout { codec => rubydebug } }". Combining the two gives a quick end-to-end check that Logstash runs at all:
/usr/share/logstash/bin/logstash -e 'input { stdin { type => stdin } } output { stdout { codec => rubydebug } }'
4. System log collection
cat /etc/logstash/conf.d/systemlog.conf
input {
  file {
    type => "messagelog-5612"
    path => "/var/log/messages"
    start_position => "beginning"
    stat_interval => "5"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.56.12:9200"]
    index => "logstash-system-log-5612-%{+YYYY.MM.dd}"
  }
}
5. Check that the config syntax is correct
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/systemlog.conf -t
6. Grant the logstash service user read access to the log file, then start Logstash; the collected logs can then be viewed in Elasticsearch
chmod 644 /var/log/messages   # logstash runs as the unprivileged logstash user; note that 644 also makes the file readable by every local user
systemctl start logstash
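The pipeline in step 4 stores each line of /var/log/messages as one opaque "message" string, indexed by ingest time. The following is an added example (not the page's own config) that keeps the page's file input, host and index name but adds a filter section, so each syslog line is split into host, program, pid and message fields, and the event's @timestamp (and therefore the daily index it lands in) comes from the log line itself rather than from when Logstash read it:

```logstash
# Added example: /etc/logstash/conf.d/systemlog.conf with a filter section.
# Hostname/port and the index pattern are taken from the page; everything else is new.
input {
  file {
    type           => "messagelog-5612"
    path           => "/var/log/messages"
    start_position => "beginning"   # read existing lines on first run; later runs resume from the sincedb
    stat_interval  => "5"           # seconds between checks for new data
  }
}

filter {
  # Classic rsyslog line, e.g. (constructed sample):
  #   Nov 20 10:15:01 node1 sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 51234 ssh2
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    # Lines that do not match are still indexed, but carry this tag so they can be found and fixed
    tag_on_failure => ["_grokparsefailure"]
  }

  # Syslog timestamps omit the year; the date filter assumes the current one.
  # Two patterns because the day is space-padded ("Nov  1") for single-digit days.
  date {
    match  => ["syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
    target => "@timestamp"
  }
}

output {
  elasticsearch {
    hosts => ["192.168.56.12:9200"]
    # %{+YYYY.MM.dd} is expanded from @timestamp, so after the date filter above
    # a line logged yesterday goes into yesterday's index even if ingested today
    index => "logstash-system-log-5612-%{+YYYY.MM.dd}"
  }
}
```

Validate it the same way as in step 5 (`/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/systemlog.conf -t`) before restarting the service.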