How to forward Rsyslog logs to Logstash

is the latest requirement for Linux system log collection. Besides the Linux system logs themselves, Tomcat and Nginx logs also need to be forwarded, so I used rsyslog, a widely used and powerful tool.

Version:

In the rsyslog configuration file:

*.* @remote-host:514

Here *.* means forward the log messages of all facilities, @ means transmit over UDP, and @@ means transmit over TCP (UDP is fire-and-forget, so prefer @@ where lost messages matter). Find this line in the file, remove the # in front of it, and fill in the corresponding IP and port. Example:

*.* @10.255.0.165:514

If you only want to forward the log messages of a specific facility on the server, such as the kernel (kern) facility, use the following line in the rsyslog configuration file instead:

kern.* @10.255.0.165:514

After the modification is complete, execute service rsyslog restart to restart rsyslog.

Logstash configuration

    input {
      udp {
        port => 514
        type => syslog
      }
    }
    filter {
      if [type] == "syslog" {
        grok {
          patterns_dir => "/opt/logstash/logstash-5.2.2/patterns"
          match => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
        }
      }
    }
    output {
      elasticsearch {
        hosts => ["10.255.0.167"]
        index => "rsyslog_test"
      }
      stdout { codec => rubydebug }
    }
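As an added example (not code from the original post), here is a Python equivalent of the grok pattern above that also decodes the <PRI> prefix rsyslog puts in front of every forwarded message and evaluates rsyslog selectors such as *.* and kern.* from the rule lines earlier on the page; the sample log lines, host names and addresses are constructed.

```python
import re

# Added example, not from the original page: Python equivalent of the
# Logstash grok pattern, extended with RFC 3164 <PRI> decoding and a
# simple evaluator for rsyslog selectors ('*.*', 'kern.*', 'auth.err').
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                            # facility*8 + severity
    r"(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "   # SYSLOGTIMESTAMP
    r"(?P<syslog_hostname>\S+) "                                      # SYSLOGHOST
    r"(?P<syslog_program>[^\[:]+?)(?:\[(?P<syslog_pid>\d+)\])?: "     # program[pid]:
    r"(?P<syslog_message>.*)$"                                        # GREEDYDATA
)

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SAMPLE_LINES = [  # constructed, in the format rsyslog forwards over UDP
    "<38>Mar  3 10:15:01 web01 sshd[1234]: Accepted publickey for deploy from 10.0.0.5 port 52211",
    "<6>Mar  3 10:15:02 web01 kernel: [12345.678] eth0: link up",
    "<86>Mar  3 10:15:03 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/bin/ls",
]


def parse_syslog(line):
    """Return the fields the grok pattern extracts plus facility/severity, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # equivalent of a _grokparsefailure tag in Logstash
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["facility"] = FACILITIES[pri >> 3]
    fields["severity"] = SEVERITIES[pri & 7]
    return fields


def selector_matches(selector, facility, severity):
    """Evaluate a simple 'facility.priority' selector; a named priority
    matches that severity and every more severe one."""
    fac, _, pri = selector.partition(".")
    if fac not in ("*", facility):
        return False
    return pri == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(pri)


def forwarded(selector, lines):
    """Parsed events that a '<selector> @host:514' rule would forward."""
    events = [parse_syslog(line) for line in lines]
    return [e for e in events if e and selector_matches(selector, e["facility"], e["severity"])]
```

Because grok searches unanchored, the page's pattern accepts the <PRI> prefix but leaves it unparsed; the facility and severity decoded here are what you would otherwise get from Logstash's syslog_pri filter.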

Alternatively, restart rsyslog with /etc/init.d/rsyslog restart.

Note: the Logstash side is very simple, it only needs to listen on port 514 (binding a port below 1024 requires Logstash to run as root or with the CAP_NET_BIND_SERVICE capability). The troublesome part is cutting the logs up with grok: with so many kinds of logs, a matching regular expression has to be written for each of them.