Last active
August 29, 2015 14:12
How to correctly configure logstash and logstash-forwarder
References:
https://www.digitalocean.com/community/tutorials/how-to-use-logstash-and-kibana-to-centralize-and-visualize-logs-on-ubuntu-14-04
logstash
http://logstash.net/
logstash-forwarder
https://github.com/elasticsearch/logstash-forwarder

Install logstash on the server that receives the logs, referred to as ServerA.
Install logstash-forwarder on the server that sends the logs, referred to as ServerB.

Startup commands:
logstash -f /root/opt/logstash-1.4.2/conf/logstash.conf -- web WALKER(ServerA)
logstash_forward -config /root/opt/logstash-forwarder/conf/logstash-forward.conf STAGING(ServerB)

The SSL key pair is stored in the /etc/pki/tls/certs and /etc/pki/tls/private directories.

The contents of logstash.conf are roughly as follows:
input {
  lumberjack {
    port => 6000
    type => "logs"
    codec => json {
      charset => "UTF-8"
    }
    ssl_certificate => "/etc/pki/tls/certs/selfsigned.crt"
    ssl_key => "/etc/pki/tls/private/selfsigned.key"
  }
}
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  elasticsearch { embedded => true }
  stdout { codec => rubydebug }
}

The contents of logstash-forward.conf are roughly as follows:
{
  "network": {
    "servers": [ "115.29.249.226:6000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/selfsigned.crt",
    "ssl key": "/etc/pki/tls/private/selfsigned.key"
  },
  "files": [
    {
      "paths": [
        "/var/www/jiguang/shared/log/staging.log"
      ],
      "fields": { "type": "syslog" }
    }
  ]
}
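
Note:
When generating the SSL key pair, do not follow the steps in the DigitalOcean article above. Doing so leads to the error
cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs
because the forwarder connects to ServerA by IP address and the certificate must list that IP as a subjectAltName. Use the following script instead:
https://github.com/driskell/log-courier/blob/develop/src/lc-tlscert/lc-tlscert.go
go run lc-tlscert.go
and choose ServerA's IP address.
Related discussion: https://github.com/elasticsearch/logstash-forwarder/issues/221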