通過TCP/UDP收集日誌
阿新 • • 發佈:2020-08-22
1.配置收集日誌
[root@web01 ~]# vim /etc/logstash/conf.d/tcp.conf
# Test pipeline: accept raw lines over TCP and print each event to the console.
input {
  tcp {
    # Listen on TCP port 1234.
    port => "1234"
    # "server" mode: Logstash accepts incoming connections instead of connecting out.
    mode => "server"
    # NOTE(review): `host` is not set, so the plugin's default bind address
    # (0.0.0.0, all interfaces) applies, and no TLS or client authentication
    # is configured in this block. Any host that can reach this port can
    # submit events; set `host` to an internal address or firewall the port.
  }
}
output {
  # Print every event to Logstash's standard output (used here to verify the input).
  stdout {}
}
2.使用telnet測試
[root@db02 ~]# telnet 172.16.1.7 1234
Trying 172.16.1.7...
Connected to 172.16.1.7.
Escape character is '^]'.
123
345
#輸出內容（顯示在 logstash 端的標準輸出；telnet 以 CRLF 結尾，所以 message 末尾帶有 \r）
{
    "@timestamp" => 2020-08-17T02:23:05.833Z,
    "host" => "172.16.1.52",
    "port" => 33002,
    "message" => "\r",
    "@version" => "1"
}
{
    "@timestamp" => 2020-08-17T02:23:32.562Z,
    "host" => "172.16.1.52",
    "port" => 33002,
    "message" => "123\r",
    "@version" => "1"
}
{
    "@timestamp" => 2020-08-17T02:23:38.300Z,
    "host" => "172.16.1.52",
    "port" => 33002,
    "message" => "345\r",
    "@version" => "1"
}
3.使用nc工具測試
#安裝
[root@db02 ~]# yum install -y nc
#使用nc工具
[root@db02 ~]# nc 172.16.1.7 1234
123
456
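#使用nc工具收集日誌到logstash的伺服器
#（注意：這是未加密、無認證的明文TCP連線，access.log 中的來源IP、URL參數等會以明文傳輸，僅適合在受信任的內網使用；日誌輪替後 tail -f 不會跟隨新檔案，可改用 tail -F）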
[root@web01 ~]# tail -f /var/log/nginx/access.log | nc 10.0.0.7 1234 &
[1] 29595
#透過 bash 的 /dev/tcp 偽裝置傳送資料（/dev/tcp 是 bash 內建的重新導向功能，不是實際存在的裝置檔）
[root@web01 ~]# echo "偽裝置測試" > /dev/tcp/10.0.0.7/1234
4.收集日誌到ES
[root@web01 ~]# vim /etc/logstash/conf.d/tcp.conf
# Pipeline: accept raw lines over TCP and index each event into Elasticsearch.
input {
  tcp {
    # Listen on TCP port 1234 and accept incoming connections ("server" mode).
    port => "1234"
    mode => "server"
    # NOTE(review): `host` is not set, so the plugin's default bind address
    # (0.0.0.0, all interfaces) applies, and no TLS or client authentication
    # is configured in this block. Whatever a client sends is indexed as-is.
  }
}
output {
  elasticsearch {
    # Target Elasticsearch node. No user/password or TLS options are set in
    # this block, so events travel over an unauthenticated, plaintext connection.
    # NOTE(review): confirm 10.0.0.51:9200 is reachable only from trusted
    # hosts, or add credentials and TLS.
    hosts => ["10.0.0.51:9200"]
    # One index per day: the date reference is expanded from the event's
    # @timestamp (constructed example: tcp_log_2020-08-17).
    index => "tcp_log_%{+YYYY-MM-dd}"
  }
}