Logstash是一个开源的日志管理工具。项目地址:http://logstash.net/Logstash安装使用以下组件: Logstash Elasticsearch Redis Nginx Kibana 服务端: fqdn: dev.kanbier.lan (should be resolvable!) ip: 10.37.129.8 安装所需的软件 作者更喜欢使用RPM包
Logstash是一个开源的日志管理工具。 项目地址:http://logstash.net/ Logstash安装使用以下组件:$ vi /etc/yum.repos.d/logstash.repo [logstash-1.4] name=logstash repository for 1.4.x packages baseurl=http://packages.elasticsearch.org/logstash/1.4/centos gpgcheck=1 gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch enabled=1 $ vi /etc/yum.repos.d/elasticsearch.repo [elasticsearch-1.0] name=Elasticsearch repository for 1.0.x packages baseurl=http://packages.elasticsearch.org/elasticsearch/1.0/centos gpgcheck=1 gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch enabled=1 $ vi /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=0 enabled=1 $ rpm -Uvh http://mirror.1000mbps.com/fedora-epel/6/i386/epel-release-6-8.noarch.rpm $ yum -y install elasticsearch redis nginx logstash
$ wget https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0.tar.gz $ tar -xvzf kibana-3.0.0.tar.gz $ mv kibana-3.0.0 /usr/share/kibana3
$ vi /usr/share/kibana3/config.js
elasticsearch: "http://dev.kanbier.lan:9200",
default_route : '/dashboard/file/logstash.json',
$ wget https://raw.github.com/elasticsearch/kibana/master/sample/nginx.conf $ mv nginx.conf /etc/nginx/conf.d/ $ vi /etc/nginx/conf.d/nginx.conf server_name dev.kanbier.lan;
$ vi /etc/redis.conf bind 10.37.129.8
$ vi /etc/logstash/conf.d/logstash-complex.conf
input {
file {
type => "syslog"
# Wildcards work, here
path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
sincedb_path => "/opt/logstash/sincedb-access"
}
redis {
host => "10.37.129.8"
type => "redis-input"
data_type => "list"
key => "logstash"
}
syslog {
type => "syslog"
port => "5544"
}
}
filter {
grok {
type => "syslog"
match => [ "message", "%{SYSLOGBASE2}" ]
add_tag => [ "syslog", "grokked" ]
}
}
output {
elasticsearch { host => "dev.kanbier.lan" }
}$ service redis start; chkconfig redis on $ service elasticsearch start; chkconfig --add elasticsearch; chkconfig elasticsearch on $ service logstash start; chkconfig logstash on $ service nginx start; chkconfig nginx on
# ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. $WorkDirectory /var/lib/rsyslog # where to place spool files $ActionQueueFileName fwdRule1 # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional *.* @@10.37.129.8:5544 # ### end of the forwarding rule ###
如果有防火墙需要放开这些端口:
译自:http://www.denniskanbier.nl/blog/logging/installing-logstash-on-rhel-and-centos-6/
原文地址:Logstash 日志管理工具, 感谢原作者分享。
So beheben Sie den Fehler 443
Welche Software gibt es zum Erlernen von Python?
Verwendung des Velocitytrackers
Es ist nicht möglich, das Standard-Gateway des Computers zu reparieren
So installieren Sie das Computersystem neu
Lösung für die Blockierung von Google Mail
Tools zur Talentbewertung
Verwendung der Snoopy-Klasse in PHP
![[Web-Frontend] Node.js-Schnellstart](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
