Logstash 日志管理工具-睿象云平台

Logstash 日志管理工具

本站部分文章、图片属于网络上可搜索到的公开信息，均用于学习和交流用途，不能代表睿象云的观点、立场或意见。我们接受网民的监督，如发现任何违法内容或侵犯了您的权益，请第一时间联系小编邮箱jiasou666@gmail.com 处理。

Logstash 日志管理工具

Logstash是一个开源的日志管理工具。

Logstash安装使用以下组件：

服务端：

fqdn: dev.kanbier.lan (should be resolvable!)ip: 10.37.129.8

安装所需的软件

作者更喜欢使用RPM包来安装软件，要注意版本号，不要去追求时髦用最新的最伟大的，Elasticsearch的版本应该匹配Logstash的版本。

启用Kibana

我们需要告诉Kibana在哪里可以找到elasticsearch。打开配置文件并修改elasticsearch参数：

$ vi /usr/share/kibana3/config.js

1	$vi/usr/share/kibana3/config.js

搜索“elasticsearch”参数，并对其进行修改以适应您的环境：

您还可以修改default_route参数，默认打开logstash仪表板而不是Kibana欢迎页面：

default_route     : '/dashboard/file/logstash.json',

1	default_route:'/dashboard/file/logstash.json',

通过web界面访问：

nginx配置如下：

配置redis

$ vi /etc/redis.confbind 10.37.129.8

1 2	$vi/etc/redis.conf bind10.37.129.8

配置Logstash

从 /var/log目录读取文件打开5544端口以启用直接接收远程系统日志消息告诉logstash，利用本身的elasticsearch而不是嵌入的

启动服务

$ service redis start; chkconfig redis on$ service elasticsearch start; chkconfig --add elasticsearch; chkconfig elasticsearch on$ service logstash start; chkconfig logstash on$ service nginx start; chkconfig nginx on

$service redis start;chkconfig redis on

$service elasticsearch start;chkconfig--add elasticsearch;chkconfig elasticsearch on

$service logstash start;chkconfig logstash on

$service nginx start;chkconfig nginx on

对于rsyslog现在你可以将这些行添加到/ etc/ rsyslog.conf

# ### begin forwarding rule #### The statement between the begin ... end define a SINGLE forwarding# rule. They belong together, do NOT split them. If you create multiple# forwarding rules, duplicate the whole block!# Remote Logging (we use TCP for reliable delivery)## An on-disk queue is created for this action. If the remote host is# down, messages are spooled to disk and sent when it is up again.$WorkDirectory /var/lib/rsyslog # where to place spool files$ActionQueueFileName fwdRule1 # unique name prefix for spool files$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)$ActionQueueSaveOnShutdown on # save messages to disk on shutdown$ActionQueueType LinkedList # run asynchronously$ActionResumeRetryCount -1 # infinite retries if host is down# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional*.* @@10.37.129.8:5544# ### end of the forwarding rule ###

# ### begin forwarding rule ###

# The statement between the begin ... end define a SINGLE forwarding

# rule. They belong together, do NOT split them. If you create multiple

# forwarding rules, duplicate the whole block!

# Remote Logging (we use TCP for reliable delivery)

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

$WorkDirectory/var/lib/rsyslog# where to place spool files

$ActionQueueFileName fwdRule1# unique name prefix for spool files

$ActionQueueMaxDiskSpace1g# 1gb space limit (use as much as possible)

$ActionQueueSaveOnShutdown on# save messages to disk on shutdown

$ActionQueueType LinkedList# run asynchronously

$ActionResumeRetryCount-1# infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

*.*@@10.37.129.8:5544

# ### end of the forwarding rule ###

如果有防火墙需要放开这些端口：

port 80 (for the web interface)port 5544 (to receive remote syslog messages)port 6379 (for the redis broker)port 9200 (so the web interface can access elasticsearch)