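Collecting TCP/UDP Logs with Logstash
1. Introduction
Logs can be collected through Logstash's tcp/udp input plugins. This is typically used to backfill logs that went missing from Elasticsearch: the missing entries can be written directly to the Elasticsearch server through a TCP port.
2. Writing the Logstash TCP collection configuration file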
[root@localhost ~]# cat /etc/logstash/conf.d/tcp.conf
input {
  tcp {
    port => "9900"
    type => "tcplog"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.10.10:9200"]
    index => "logstash-tcplog-test-%{+YYYY.MM.dd}"
  }
}
[root@localhost ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf -t
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
Configuration OK
[root@localhost ~]# systemctl restart logstash.service
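3. Verification
NetCat, nc for short, is a practical, simple and reliable network tool that can read and write data over TCP or UDP, and it has many other features as well.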
[root@Docker ~]# yum -y install nc
[root@Docker ~]# echo "test" | nc 192.168.10.172 9900
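The nc test above sends a single line; backfilling a whole file of missing log lines works the same way. The following is an added example, not part of the original post: the names frame and backfill and the SAMPLE data are hypothetical, and it assumes the tcp input runs with its default line codec (the configuration above sets no codec), so each newline-terminated line becomes one event. Escaping embedded CR/LF is this example's own choice, made so that one record cannot split into several events.

```python
import socket
import sys

def frame(records):
    """Turn records into newline-terminated UTF-8 frames, one event per record."""
    frames = []
    for rec in records:
        # Drop the trailing line ending, then escape any CR/LF left inside the
        # record so a single record cannot be split into several events.
        rec = rec.rstrip("\r\n").replace("\r", "\\r").replace("\n", "\\n")
        if rec:  # blank lines would only create empty events
            frames.append(rec.encode("utf-8") + b"\n")
    return frames

def backfill(records, host, port, timeout=5.0):
    """Send records to a Logstash tcp input; return the number of events sent."""
    frames = frame(records)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for data in frames:
            sock.sendall(data)
    return len(frames)

# Constructed sample records, for illustration only.
SAMPLE = ["test\n", "", "line one\nline two", "tail\r\n"]

if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: backfill.py HOST PORT FILE
        host, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(backfill(fh, host, port), "events sent")
    else:
        # No arguments: show how the sample would be framed, without sending.
        for data in frame(SAMPLE):
            print(data)
```

The input as configured accepts lines from any host that can reach port 9900, so limit access to that port to the hosts doing the backfill.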
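Author: 闫世成
Source: http://cnblogs.com/yanshicheng
Copyright in this article is shared by the author and cnblogs (博客园). Reposting is welcome, but unless the author agrees otherwise this notice must be retained and a link to the original must be given in a prominent place on the article page. If you have questions or suggestions, please contact the email address above. Thank you very much.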