
Syslog + ELK Log Collection

Configure syslog

Edit the rsyslog configuration file /etc/rsyslog.conf:

# Add the following line
*.* @@192.168.1.6:514

Restart rsyslog:

systemctl restart rsyslog

Configure Logstash

# vim /usr/local/logstash-7.7.1/config/syslog2es.conf

input {
  syslog {
    type => "system-syslog"
    port => 514
  }
}

output {
  elasticsearch {
    hosts => ["192.168.56.12:9200"]
    index => "system-syslog-%{+YYYY.MM}"
  }
}

Start the services

Start Elasticsearch and Logstash:

# es
[root@master elasticsearch-7.7.1]# su esuser
[esuser@master elasticsearch-7.7.1]$ bin/elasticsearch -d
# logstash
[root@master logstash-7.7.1]# bin/logstash -f config/syslog2es.conf
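Added example, not part of the original post: a small Python script that builds the BSD syslog (RFC 3164) frames rsyslog emits for the `*.* @@192.168.1.6:514` rule (`@@` is TCP; a single `@` would be UDP; in both cases the log traffic is plaintext with no authentication) and parses them the way the Logstash syslog input does, decoding the `<PRI>` prefix into facility and severity. The facility and severity label lists, the `send_tcp` helper, `SAMPLE_TIME` and the sample hostnames are my own assumptions, not values from the page.

```python
# Added example, not from the original post. Builds/parses BSD syslog (RFC 3164)
# frames as sent by rsyslog's "*.* @@host:514" rule and read by Logstash's syslog input.
import re
import socket
from datetime import datetime

# Label lists are my own simplified choice (assumption), ordered by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "informational", "debug"]
SAMPLE_TIME = datetime(2024, 6, 5, 7, 8, 9)  # constructed, for reproducible output

# <PRI>Mmm dd HH:MM:SS host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def build_frame(facility, severity, host, program, message, when=SAMPLE_TIME, pid=None):
    """Encode one newline-terminated frame; PRI = facility * 8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    tag = f"{program}[{pid}]" if pid else program
    ts = when.strftime("%b ") + f"{when.day:2d}" + when.strftime(" %H:%M:%S")  # day is space-padded
    return f"<{pri}>{ts} {host} {tag}: {message}\n"

def parse_frame(line):
    """Split a frame into the fields the Logstash syslog input populates; None if malformed."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None  # Logstash would tag such an event _grokparsefailure_sysloginput
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return {"priority": pri, "facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": m["ts"], "logsource": m["host"], "program": m["prog"],
            "pid": m["pid"], "message": m["msg"]}

def send_tcp(frame, host="192.168.1.6", port=514, timeout=3.0):
    """Deliver a frame over TCP, as rsyslog does for @@ targets (plaintext, no auth)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame.encode())

if __name__ == "__main__":
    frame = build_frame("auth", "notice", "web01", "sshd", "Accepted publickey for ops", pid=4242)
    print(frame, parse_frame(frame))
```

Calling `send_tcp(frame)` against the Logstash host and then searching the `system-syslog-*` index for `logsource:web01` confirms the rsyslog -> Logstash -> Elasticsearch path end to end.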

Check service status

Elasticsearch status

Check it in the Browser tab of the Elasticsearch plugin in your browser:

Kibana status

Omitted.

Refer to the earlier article for adding the index pattern; it is not repeated here.