部署logstash节点

.部署Logstash节点

1.查看系统环境：

[root@Logstash ~]# hostname

Logstash

[root@Logstash ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@Logstash ~]# uname -r

2.6.32-431.el6.x86_64

[root@Logstash ~]# /etc/init.d/iptables stop

iptables：将链设置为政策 ACCEPT：filter                    [确定]

iptables：清除防火墙规则：                                 [确定]

iptables：正在卸载模块：                                   [确定]

[root@Logstash ~]# setenforce 0

setenforce: SELinux is disabled

2.安装logstash，通过它来监听数据源文件的新增内容经过logstash处理后上传到es里面。

[root@Logstash ~]# tar xf logstash-6.2.4.tar.gz

[root@Logstash ~]# mv logstash-6.2.4 /usr/local/logstash

3.安装filebeat

[root@Logstash ~]# tar xf filebeat-6.2.4-linux-x86_64.tar.gz

[root@Logstash ~]# mv filebeat-6.2.4-linux-x86_64 /usr/local/filebeat

[root@Logstash ~]# cd /usr/local/filebeat/

[root@Logstash filebeat]# cp filebeat.yml{,.default}

4.修改filebeat的配置文件：

[root@Logstash filebeat]# vim filebeat.yml

#配置内容最好和下面配置相同，注释多余的。

filebeat.prospectors:

- type: log

  paths:

    - /usr/local/filebeat/logs/filebeat   #filebeat文件日志路径

output.logstash:

  hosts: ["192.168.200.133:5044"]    #默认localhost,改成本机IP

5.启动filebeat服务：

[root@Logstash filebeat]# ./filebeat &

[root@Logstash filebeat]# ps -ef|grep filebeat

root       4868   1663  0 19:08 pts/0    00:00:00 ./filebeat

注：因为filebeat没有监听端口号，只有查看日志或进程。

注：filebeat监听的文件记录在/usr/local/filebeat/data/registry

6.新建一个logstash的启动指定配置文件：

[root@Logstash filebeat]# vim /usr/local/logstash/config/test.conf

input {

    beats {

      port => "5044"

    }

}

output {

     elasticsearch {

     hosts => "192.168.200.132:9200"

     }

     stdout { codec => rubydebug }

}

Logstash默认有input、filter、output三个区域，一般最少需要配置input和output即可！

logstash的本身默认的logstash.yml配置文件选择不修改即可！

7.测试下logstash，指定配置文件启动：

[root@Logstash filebeat]# cd /usr/local/logstash/

[root@Logstash logstash]# bin/logstash -f config/test.conf &

[root@Logstash ~]# netstat -anpt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1143/rpcbind       

tcp        0      0 0.0.0.0:5044                0.0.0.0:*                   LISTEN      2836/java          

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1396/sshd          

tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1221/cupsd         

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1484/master        

tcp        0      0 0.0.0.0:39097               0.0.0.0:*                   LISTEN      1190/rpc.statd     

tcp        0      0 127.0.0.1:9600              0.0.0.0:*                   LISTEN      2836/java          

tcp        0    512 192.168.200.133:22          192.168.200.2:59294         ESTABLISHED 2397/sshd          

tcp        0      0 192.168.200.133:9743        192.168.200.132:9200        ESTABLISHED 2836/java          

tcp        0      0 192.168.200.133:53862       192.168.200.133:5044        ESTABLISHED 2773/./filebeat    

tcp        0      0 192.168.200.133:5044        192.168.200.133:53862       ESTABLISHED 2836/java