Logstash zabbix 插件

zabbix 监控 logstash

安装社区扩展包
wget http://download.elasticsearch.org/logstash/logstash/logstash-contrib-1.4.2.tar.gz
解压后覆盖 /usr/local/logstash-1.4.2/

 

配置Zabbix监控host

创建一个组

创建监控的主机

配置需要监控的主机参数

新建应用

新建监控项

配置监控项

查看主机状态

查看监控项状态

测试sender

登陆客户端(已安装完agent)

/usr/local/zabbix-2.2.2/bin/zabbix_sender -z 192.168.124.132 -vv -s "Zabbix client" -k key.log.error -o "hello word"

-z (zabbix server address)

-vv (详细信息)

-s (被监控的主机名)

-k (item 项名称)

-o (发送内容)

 

查看Zabbix Server 接收到的信息

 测试已成功，可以配置 logstash.conf

 

logstash 客户端配置文件

input {
  file {
    #定义一个标示
    type => "zabbix_log" 
    path => [ "/var/log/zabbix.test.log"]
    start_position => beginning
  }
}

filter {
   grep {
     #过滤指定标示
     type => "zabbix_log"
     match => [ "message", "(error|ERROR|CRITICAL)" ]
     #选择标示为"zabbix-sender"的事件处理
     add_tag => [ "zabbix-sender" ]
     add_field => [
　　　　#配置主机和监控项
       "zabbix_host", "Zabbix client",
       "zabbix_item", "key.log.error"
     ]
  }
}

output {
  redis{
    host =>"192.168.124.128"
    data_type => "list"
    key => "logstash"
  }
  
  stdout {
    codec => rubydebug
  }
  
  zabbix {
    # only process events with this tag
    tags => "zabbix-sender"

    # specify the hostname or ip of your zabbix server
    # (defaults to localhost)
    host => "192.168.124.132"

    # specify the port to connect to (default 10051)
    port => "10051"

    # specify the path to zabbix_sender
    # (defaults to "/usr/local/bin/zabbix_sender")
    zabbix_sender => "/usr/local/zabbix-2.2.2/bin/zabbix_sender"
  }
}

测试：

echo "error：test zabbix">>/var/log/zabbix.test.log

这样logstash 使用 zabbix 插件算是通了