Linux安装Logstash
Logstash安装
一、上传解压重命名
将Logstash压缩包上传到
/home/
下解压压缩包并重命名
[root@localhost home] tar -zxf logstash-7.15.0-linux-x86_64.tar.gz [root@localhost home] mv logstash-7.15.0 logstash
二、生成SSL证书文件
进入
ES
安装根目录下
[root@localhost] cd /home/elasticsearch
生成
logstash
客户端证书
[root@localhost elasticsearch] ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --name logstash --pem --out logstash.zip
解压
logstash.zip
当没有这个命令时,执行yum install unzip -y
安装zip
工具
[root@localhost elasticsearch] unzip logstash.zip
进入
logstash
中执行一下命令logstash
需要生成一个p8
文件
[root@localhost elasticsearch] cd logstash [root@localhost logstash] openssl pkcs8 -in logstash.key -topk8 -nocrypt -out logstash.p8 [root@localhost logstash] ls logstash.crt logstash.key logstash.p8
拷贝
CA公钥
文件到当前目录
[root@localhost logstash]# cp ../ca.pem ./
返回上一级目录,并拷贝
logstash
目录到logstash
目录下
[root@localhost logstash] cd .. [root@localhost elasticsearch] cp -r logstash /home/logstash/
三、修改配置文件
进入
logstash/config
根目录修改配置文件logstash.yml
[root@localhost config] vi logstash.yml
# 修改host http.host: 0.0.0.0 # 开启监控 xpack.monitoring.enabled: true # 配置ES地址 请注意协议是https xpack.monitoring.elasticsearch.hosts: ["https://127.0.0.1:9200"] xpack.monitoring.elasticsearch.ssl.verification_mode: none # 证书路径 xpack.monitoring.elasticsearch.ssl.certificate_authority: "/opt/logstash/logstash/ca.pem" xpack.monitoring.elasticsearch.sniffing: false # es账号 xpack.monitoring.elasticsearch.username: elastic # es密码 xpack.monitoring.elasticsearch.password: P8nhGN121I4VT0LMVwIT
修改解析配置文件名称
[root@localhost config] mv logstash-sample.conf logstash.conf
使用
root
用户启动服务
[root@localhost logstash] cd ../bin [root@localhost bin] ./logstash -f ../config/logstash.conf --config.reload.automatic #或 后台运行 [root@localhost bin] nohup ./logstash -f ../config/logstash.conf --config.reload.automatic &
四、测试验证
测试是否启动成功
[root@localhost ~] curl http://127.0.0.1:9600 {"host":"localhost.localdomain","version":"7.15.0","http_address":"0.0.0.0:9600","id":"0ce2b441-6a31-4b38-8868-018b06178f54","name":"localhost.localdomain","ephemeral_id":"4801a1e2-832d-4b95-8a63-0964623dafec","status":"green","snapshot":false,"pipeline":{"workers":1,"batch_size":125,"batch_delay":50},"monitoring":{"hosts":["http://127.0.0.1:9200"],"username":"logstash_system"},"build_date":"2021-09-16T01:56:12Z","build_sha":"fd0927b95e580d5178256fb6adb6b79a1af3345b","build_snapshot":false}
注意事项
- http协议端口
9600
- beat默认端口
5044
(采集使用)- syslog tcp udp 默认端口
514
(采集Linux系统日志)
完整配置文件
# 工作管道(性能优化配置)=CPU核数 pipeline.workers: 4 # 批处理(性能优化配置) pipeline.batch.size: 1000 # 响应时间(性能优化配置) pipeline.batch.delay: 10 # 绑定IP地址 http.host: "0.0.0.0" # 开启监控 xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: elastic xpack.monitoring.elasticsearch.password: 53Am18Spax2dkjIW4GeC xpack.monitoring.elasticsearch.hosts: ["https://127.0.0.1:9200"] xpack.monitoring.elasticsearch.ssl.verification_mode: none xpack.monitoring.elasticsearch.ssl.certificate_authority: "/home/logstash/config/certs/ca.pem" xpack.monitoring.elasticsearch.sniffing: false
logstash秘钥库
ES_PWD 密码 key ,ES_ACCESS 账号key
创建密码库
bin/logstash-keystore create
添加密钥
key
,过程中需要输入对应的密码
bin/logstash-keystore add ES_PWD
查看
key
列表
bin/logstash-keystore list
删除
key
bin/logstash-keystore remove ES_PWD
设置密码
set +o history export LOGSTASH_KEYSTORE_PASS=123456 set -o history
替换明文密码
xpack.monitoring.elasticsearch.username: ${ES_ACCESS} xpack.monitoring.elasticsearch.password: ${ES_PWD}
哇!又赚了一天人民币
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 本地部署 DeepSeek:小白也能轻松搞定!
· 如何给本地部署的DeepSeek投喂数据,让他更懂你
· 在缓慢中沉淀,在挑战中重生!2024个人总结!
· 大人,时代变了! 赶快把自有业务的本地AI“模型”训练起来!
· 从 Windows Forms 到微服务的经验教训