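Prerequisite: a JDK must be installed.

```bash
cd /opt
yum install wget -y
```

Download the JDK:

```bash
wget http://www.xchinagroup.top/softdown/centos7/13_elk/jdk-8u201-linux-x64.tar.gz
```

Install the JDK:

```bash
tar zxf jdk-8u201-linux-x64.tar.gz -C /usr/local/
vim /etc/profile
```

Append the following at the end of the file:

```bash
export JAVA_HOME=/usr/local/jdk1.8.0_201/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
```

Save and exit, then reload the profile:

```bash
source /etc/profile
```

1. Download and install

```bash
cd /opt
wget http://www.xchinagroup.top/softdown//centos7/13_elk/logstash-6.6.0.tar.gz
tar zxvf logstash-6.6.0.tar.gz -C /usr/local/
```

2. Configure Logstash

Update Logstash's JVM settings:

```bash
vim /usr/local/logstash-6.6.0/config/jvm.options
```

A Logstash pipeline is divided into inputs and outputs.

Inputs: standard input, log files, etc.
Outputs: standard output, ES, etc.

```bash
vim /usr/local/logstash-6.6.0/config/logstash.conf
```

```
# Read events from standard input
input {
  stdin {}
}

# Print each event to standard output in rubydebug format
output {
  stdout {
    codec => rubydebug
  }
}
```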
Save and exit.

3. Starting and testing Logstash
```bash
yum install epel-release -y
yum install haveged -y
systemctl start haveged
systemctl enable haveged
```

haveged is an entropy daemon; with it installed, Logstash starts somewhat faster.

Start Logstash:

```bash
/usr/local/logstash-6.6.0/bin/logstash -f /usr/local/logstash-6.6.0/config/logstash.conf
```

Test input and output:
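Press Ctrl+C to exit; the process ends as well.

+++++++++++++++++

Reading a log file with Logstash

```
# Follow the system authentication log
input {
  file {
    path => "/var/log/secure"
  }
}

output {
  stdout {
    codec => rubydebug
  }
}
```

```bash
/usr/local/logstash-6.6.0/bin/logstash -f /usr/local/logstash-6.6.0/config/logstash.conf
```

Logstash only reads from the current end of the log: new entries are collected as they arrive, and older entries already in the file are ignored.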
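The file input can also be told to pick up the entries that are already in the file. The pipeline below is an added example, not part of the original post: it reads `/var/log/secure` from the start, extracts failed SSH password attempts with grok, and sends the events to the ES host used in section 4. The `sincedb_path`, the index name, the field names and the `ssh_failed_login` tag are assumptions chosen for illustration.

```conf
# Added example: collect existing and new entries from /var/log/secure
# and pick out failed SSH password attempts.
input {
  file {
    path => "/var/log/secure"
    # Read a file not seen before from its first line instead of its end.
    # Only applies while the file has no sincedb record yet.
    start_position => "beginning"
    # Assumed location; Logstash keeps its read offset here between restarts.
    sincedb_path => "/usr/local/logstash-6.6.0/data/sincedb_secure"
  }
}

filter {
  grok {
    # Matches lines such as (constructed sample):
    # Mar  3 10:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
    match => {
      "message" => "%{SYSLOGTIMESTAMP:log_time} %{SYSLOGHOST:log_host} sshd\[%{POSINT:pid}\]: Failed password for (?:invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{INT:src_port} ssh2"
    }
    add_tag => ["ssh_failed_login"]   # assumed tag name
    tag_on_failure => []              # other lines pass through untagged
  }
  if "ssh_failed_login" in [tags] {
    date {
      # syslog timestamps carry no year; Logstash assumes the current one
      match => ["log_time", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://192.168.189.83:9200"]
    index => "secure-%{+YYYY.MM.dd}"   # assumed index name
  }
}
```

On CentOS `/var/log/secure` is readable only by root, so the Logstash process needs read access to it for this input to produce events.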
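4. Configure Logstash to read the local nginx log and output to ES

Install nginx yourself on the Logstash host.

```bash
vim /usr/local/logstash-6.6.0/config/logstash.conf
```

```
# Follow the nginx access log
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
  }
}

# Send events to Elasticsearch
output {
  elasticsearch {
    hosts => ["http://192.168.189.83:9200"]
  }
}
```

Start Logstash in the background:

```bash
nohup /usr/local/logstash-6.6.0/bin/logstash -f /usr/local/logstash-6.6.0/config/logstash.conf >/tmp/logstash.log 2>&1 &
```

Logstash only collects new log entries, so we first need to send a request to nginx.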