十二、系统模块插件(一)

# tcp input: accepts log events over a TCP socket.
tcp{
    mode => "server" # connection mode: "server" (listen locally) or "client" (connect out)
    # In server mode this is the local address to listen on; in client mode it is
    # the address of the server to connect to. 0.0.0.0 listens on every address
    # of this host.
    # NOTE(review): no TLS or authentication is configured in this block, so any
    # peer that can reach the port can submit events. Bind to a specific address
    # or restrict sources with a firewall where that matters.
    host => "0.0.0.0"
    port => 8888 # TCP port 8888
    type => "tcplog" # stored in the event's "type" field to tell log sources apart
}
# udp input: accepts log events as UDP datagrams.
# NOTE(review): UDP has no handshake, so the sender address recorded on an event
# can be forged; treat it as a hint, not as proof of origin.
udp{
    host => "192.168.4.16" # optional: the local address to listen on
    port => 9999 # UDP port 9999
    type => "udplog" # stored in the event's "type" field to tell log sources apart
}
练习
[root@logstash logstash]# vim /etc/logstash/logstash.conf

# Exercise pipeline: four inputs (stdin, file, tcp, udp) in one input section.
input{
      # Read events from standard input, decoding each one as JSON.
      stdin{ codec => "json" }
      # Read the two listed log files.
      # NOTE(review): /tmp is normally writable by every local user, so any local
      # account could create or append to these files and feed events into the
      # pipeline; use a directory with restricted permissions outside a lab.
      file {
      path => ["/tmp/a.log","/tmp/b.log"]
      # File in which Logstash records how far each watched file has been read.
      sincedb_path => "/var/lib/logstash/sincedb.log"
      # Read a file from its first line when it has no recorded position yet.
      start_position => "beginning"
      type => "filelog"
}
# TCP listener on port 8888, all addresses (0.0.0.0).
# NOTE(review): no TLS or authentication is configured here, so any peer that
# can reach the port can submit events; restrict sources with a firewall.
tcp {
      mode => "server"
      host => "0.0.0.0"
      port => 8888
      type => "tcplog"
}
# UDP listener on port 9999, bound to 192.168.0.18 only.
udp {
     host => "192.168.0.18"
     port => 9999
     type => "udplog"
}
}
[root@logstash logstash]# /opt/logstash/bin/logstash -f /etc/logstash/logstash.conf
Settings: Default pipeline workers: 2
Pipeline main started
然后打开另一个终端查看端口是否启动
[root@logstash ~]# netstat -utnlp | grep java
tcp6 0 0 :::8888 :::* LISTEN 2038/java
udp6 0 0 192.168.0.18:9999 :::* 2038/java
再然后换一台机器给服务器发送数据(注意:上面的tcp、udp输入没有配置任何认证或加密,任何能访问这两个端口的主机都可以像下面这样写入日志,生产环境应通过防火墙限制来源地址)
[root@logstash ~]# ssh 192.168.0.22
①发送udp数据
[root@es5 ~]# echo "test udp log" >/dev/udp/192.168.0.18/9999
发送后返回logstash服务器查看
{
"message" => "test udp log\n",
"@version" => "1",
"@timestamp" => "2021-08-19T06:43:47.155Z",
"type" => "udplog",
"host" => "192.168.0.22"
}
②发送tcp数据(发送后同样返回logstash服务器查看输出)
[root@es5 ~]# echo "test tcp log" >/dev/tcp/192.168.0.18/8888
{
"message" => "test tcp log",
"@version" => "1",
"@timestamp" => "2021-08-19T06:47:09.923Z",
"host" => "192.168.0.22",
"port" => 48708,
"type" => "tcplog"
}

 
