ELK: Collecting Network Device Logs, with Redis Introduced as a Buffer
阿新 • Published: 2020-10-13
Prepare two Linux hosts:
linux-node1: Elasticsearch + Logstash + Kibana
linux-node2: Logstash + redis
On linux-node1, install ELK and configure Logstash to send the data in Redis to ES
[root@linux-node1 conf.d]# cat redis-to-es.conf
input {
    redis {
        host => "192.168.200.4"   # IP address of Redis on linux-node2
        port => "6379"
        password => "123456"
        db => "0"
        data_type => "list"
        key => "logstash"
    }
}
output {
    elasticsearch {
        hosts => ["192.168.200.99:9200"]
        index => "logstash_syslog-%{+YYYY.MM.dd}"
    }
}

Use supervisor to start redis-to-es.conf automatically.
On linux-node2, install Logstash and Redis, and configure Logstash to push the syslog logs from the datacom network devices into Redis
[root@linux-node2 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@linux-node2 ~]# yum install -y redis
[root@linux-node2 ~]# vim /etc/redis.conf
bind 0.0.0.0
requirepass 123456
[root@linux-node2 ~]# systemctl start redis && systemctl enable redis

The Logstash installation steps are omitted.

[root@cobbler-200 ~]# cat /etc/logstash/conf.d/syslog-to-redis.conf
input {
    udp {
        port => "514"
        type => "syslog"
    }
}
output {
    redis {
        host => ["192.168.200.4:6379"]   # IP address of Redis on linux-node2
        password => "123456"
        db => "0"
        data_type => "list"
        key => "logstash"
    }
}

Use supervisor to start syslog-to-redis.conf automatically.
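
The /etc/redis.conf edited above makes Redis listen on every interface and protects it with a six-digit password. As an added example (not part of the original post), the shell function below flags those two settings in a redis.conf; the MIN_LEN threshold and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag the two redis.conf settings this page changes.
# MIN_LEN is an assumed policy value; the sample file below is constructed.
MIN_LEN=32

# Print one finding per line for the redis.conf given as $1 (nothing if clean).
# Only the last occurrence of each directive is examined, and the password
# itself is never printed, only its length.
audit_redis_conf() {
    awk -v min="$MIN_LEN" '
        $1 == "bind"        { bind = $0 }
        $1 == "requirepass" { pass = $2; haspass = 1 }
        END {
            n = split(bind, a, " ")
            for (i = 2; i <= n; i++)
                if (a[i] == "0.0.0.0" || a[i] == "*" || a[i] == "::")
                    print "bind-all-interfaces " a[i]
            if (!haspass)
                print "no-requirepass"
            else if (length(pass) < min)
                print "short-requirepass length=" length(pass)
            else if (pass ~ /^[0-9]+$/)
                print "numeric-only-requirepass"
        }' "$1"
}

# Constructed sample: the two lines this page puts in /etc/redis.conf.
sample=$(mktemp)
printf 'bind 0.0.0.0\nrequirepass 123456\n' > "$sample"
audit_redis_conf "$sample"
rm -f "$sample"
```

A bind line that lists only 127.0.0.1 and 192.168.200.4, combined with a long random requirepass, produces no findings.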
The configuration on the Huawei network device side is as follows
clock timezone UTC add 08:00:00
ntp-service unicast-server 120.25.115.20
info-center source default channel 2 trap state off
info-center loghost source Vlanif100
info-center loghost 192.168.200.4 # use the IP address of the Redis host
info-center timestamp log format-date