防止一台 Logstash 机器接入多个端口的日志时产生混乱

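为了防止一台机器上接入多路日志时相互混淆，需要在各个 input 上添加 type 标识，并在 filter 和 output 中用 if 判断 type。默认情况下 Logstash 会把 conf.d 下的所有配置文件合并成同一条 pipeline，如果不加条件判断，每条日志都会经过所有的 filter 和 output。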

不多比比直接上配置

[root@sf215 conf.d]# cat jddns-servers.conf 
# Pipeline fragment for the "jddns-servers" stream: receive syslog on port
# 11514, parse the message with grok, and index it into Elasticsearch.
# Every stage is guarded by the same [type] value so that events from other
# inputs loaded into the same pipeline do not pass through this filter/output.
input{
    syslog{
        # Marks every event from this listener; the conditionals below key on it.
        type => "jddns-servers"
        # No `host` option is set, so the plugin's default bind address applies
        # (all interfaces in the stock syslog input -- confirm for your version).
        # Syslog has no sender authentication: any host that can reach this port
        # can submit events that will carry this type, so limit the allowed
        # senders with a host firewall / security group.
        port => 11514
    }
}
filter {
    # Only parse events that came in through the jddns-servers listener.
    if [type] == "jddns-servers" {
        grok {
            # Extracts time, level, domain, dns_server, location and info.
            # dns_server must match %{IP}; info ends at the first "!".
            # The pattern is not anchored (no ^ / $); anchoring it is the usual
            # way to make non-matching lines fail fast.
            # NOTE(review): events that do not match are tagged by grok
            # (_grokparsefailure by default) but still reach the output below,
            # because the output checks only [type]. Decide whether unparsed
            # events should be indexed, dropped, or routed elsewhere.
            match => ["message", "%{DATA:time}, level:%{DATA:level}, domain:%{DATA:domain}, dns_server:%{IP:dns_server}, location:%{DATA:location}, info:%{DATA:info}!"] 
        }
    } 
}        
output {
    # Only ship events of this type; other streams have their own output block.
    if [type] == "jddns-servers" {
        elasticsearch {
            # "ip" is a placeholder. No scheme or TLS option is set here, so
            # confirm the connection is not plain HTTP; otherwise the
            # credentials below cross the network in cleartext.
            hosts => "ip:9200"
            # `elastic` is the built-in superuser. Prefer a dedicated account
            # whose role can only create and write to jddns-servers-* indices.
            user => "elastic"
            # "passwd" is a placeholder. Do not keep the real secret as a
            # literal in this file: store it in the Logstash keystore and
            # reference it as "${ES_PWD}" (example key name), and keep conf.d
            # readable only by the logstash service account.
            password => "passwd"
            # One index per day, named from the event's @timestamp.
            index => "jddns-servers-%{+yyyy.MM.dd}" 
        }
    }
}
[root@sf215 conf.d]# cat jddns-domains.conf 
# Pipeline fragment for the "jddns-domains" stream: receive syslog on port
# 11515, parse the message with grok, and index it into Elasticsearch.
# The [type] conditionals keep this stream separate from any other inputs
# loaded into the same pipeline.
input {
    syslog {
        # Marks every event from this listener; the conditionals below key on it.
        type => "jddns-domains"
        # No `host` option is set, so the plugin's default bind address applies
        # (all interfaces in the stock syslog input -- confirm for your version).
        # Syslog has no sender authentication: restrict which hosts can reach
        # this port with a host firewall / security group.
        port => 11515
    }
}
filter {
    # Only parse events that came in through the jddns-domains listener.
    if [type] == "jddns-domains" {
        grok {
            # Extracts time, level, domain, dns_server, dueto and info.
            # dns_server is captured with %{DATA} here, so its value is not
            # validated as an IP address. info uses %{GREEDYDATA} and takes the
            # rest of the line.
            # NOTE(review): the literal is `dueto` with no ":" before the
            # capture, unlike the other fields; if the log line has a separator
            # there it ends up inside the captured value -- check against a
            # sample line.
            # NOTE(review): non-matching events are tagged by grok
            # (_grokparsefailure by default) but are still indexed, because the
            # output below checks only [type].
            match => ["message", "%{DATA:time}, level:%{DATA:level}, domain:%{DATA:domain}, dns_server:%{DATA:dns_server}, dueto%{DATA:dueto}, info:%{GREEDYDATA:info}"] 
        }
    } 
}     
output {
    # Only ship events of this type; other streams have their own output block.
    if [type] == "jddns-domains" {
        elasticsearch {
            # "ip" is a placeholder. No scheme or TLS option is set here, so
            # confirm the connection is not plain HTTP; otherwise the
            # credentials below cross the network in cleartext.
            hosts => "ip:9200"
            # `elastic` is the built-in superuser. Prefer a dedicated account
            # whose role can only create and write to jddns-domains-* indices.
            user => "elastic"
            # "passwd" is a placeholder. Do not keep the real secret as a
            # literal in this file: store it in the Logstash keystore and
            # reference it as "${ES_PWD}" (example key name), and keep conf.d
            # readable only by the logstash service account.
            password => "passwd"
            # One index per day, named from the event's @timestamp.
            index => "jddns-domains-%{+yyyy.MM.dd}" 
        }
    }
}