docker 安裝logstash
阿新 • • 發佈:2020-08-26
一、概述
需要使用docker 安裝Logstash,來收集檔案/var/log/messages
環境說明
作業系統:centos 7.6
docker版本:19.03.12
ip地址:192.168.31.190
二、安裝
下載映象
docker pull logstash:7.5.1
啟動logstash
docker run -d --name=logstash logstash:7.5.1
等待30秒,檢視日誌
docker logs -f logstash
如果出現以下資訊,說明啟動成功。
[2020-08-26T08:12:01,224][INFO ][org.logstash.beats.Server] Starting server on port: 5044[2020-08-26T08:12:01,722][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
建立持久化目錄,拷貝資料,授予許可權,並重新啟動
docker run -d --name=logstash logstash:7.5.1 mkdir -p /data/elk7/logstash/config/conf.d docker cp logstash:/usr/share/logstash/config /data/elk7/logstash/ docker cp logstash:/usr/share/logstash/data /data/elk7/logstash/ dockercp logstash:/usr/share/logstash/pipeline /data/elk7/logstash/ chmod 777 -R /data/elk7/logstash
配置檔案
請確保elasticsearch執行正常,關於elasticsearch的安裝,請參考連線:
https://www.cnblogs.com/xiao987334176/p/13565468.html
修改配置檔案中的elasticsearch地址
vi /data/elk7/logstash/config/logstash.yml
完整內容如下:
http.host: "0.0.0.0" xpack.monitoring.elasticsearch.hosts: ["http://192.168.31.190:9200" ] path.config: /usr/share/logstash/config/conf.d/*.conf path.logs: /usr/share/logstash/logs
注意:請根據實際情況修改elasticsearch地址
新建檔案syslog.conf,用來收集/var/log/messages
vi /data/elk7/logstash/config/conf.d/syslog.conf
內容如下:
input { file { #標籤 type => "systemlog-localhost" #採集點 path => "/var/log/messages" #開始收集點 start_position => "beginning" #掃描間隔時間,預設是1s,建議5s stat_interval => "5" } } output { elasticsearch { hosts => ["192.168.31.190:9200"] index => "logstash-system-localhost-%{+YYYY.MM.dd}" } }
重新啟動logstash
docker rm -f logstash docker run -d \ --name=logstash \ --restart=always \ -v /data/elk7/logstash:/usr/share/logstash \ -v /var/log/messages:/var/log/messages \ logstash:7.5.1
重啟完成之後,訪問elasticsearch-head
確保建立了索引