{"id":4826,"date":"2021-04-27T09:39:28","date_gmt":"2021-04-27T01:39:28","guid":{"rendered":"https:\/\/sumju.net\/?p=4826"},"modified":"2022-10-02T17:17:17","modified_gmt":"2022-10-02T17:17:17","slug":"logstash-%e5%be%ae%e4%bf%a1%e6%8f%90%e9%86%92","status":"publish","type":"post","link":"https:\/\/sumju.net\/?p=4826","title":{"rendered":"Logstash \u5fae\u4fe1\u63d0\u9192"},"content":{"rendered":"<p>\u6700\u8fd1\u4f7f\u7528ELK\u6536\u96c6\u65e5\u5fd7\uff0c\u5229\u7528Logstash\u6536\u96c6syslog\u5230Elasticsearch\u5e76\u4e14\u6536\u5230\u7279\u5b9a\u6d88\u606f\u53d1\u51fa\u5fae\u4fe1\u62a5\u8b66\u3002<\/p>\n<p>ELK\u7684\u7248\u672c\u662f7.12 \uff0c\u5ba2\u6237\u7aef\u7684\u65e5\u5fd7\u901a\u8fc7udp \u7aef\u53e3514 \u53d1\u9001\u5230logstash\uff0c\u518d\u7531logstash\u5206\u6790\u540e\u5b58\u50a8\u5230Elasticsearch\u5e76\u4e14\u901a\u8fc7\u7279\u5b9a\u6761\u4ef6\u53d1\u51fa\u5fae\u4fe1\u8b66\u62a5\u3002Logstash\u9700\u8981\u5b89\u88c5exec\u63d2\u4ef6\u6765\u5b9e\u73b0\u8c03\u7528\u5fae\u4fe1\u53d1\u9001\u7a0b\u5e8f\u3002<\/p>\n<p>\u4e0b\u9762\u8bb0\u5f55\u4e00\u4e0b\u81ea\u5df1\u7684logstash\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u65f6\u6536\u96c6syslog\u548cfilebeat\u7684\u914d\u7f6e\u65b9\u6cd5\u3002<\/p>\n<pre><code>input {\n  syslog{\n    type =&gt; \"system-syslog\"\n    port =&gt; 514\n  }\n\n  beats{\n    type =&gt; \"beats\"\n    port =&gt; 5044\n  }\n}\n\nfilter{\n<div class=\"erphpdown erphpdown-see erphpdown-see-pay erphpdown-content-vip\" id=\"erphpdown\" style=\"display:block;\">\u6b64\u5185\u5bb9\u67e5\u770b\u4ef7\u683c\u4e3a<span class=\"erphpdown-price\">1.99<\/span>\u667a\u80fd\u5e01<a class=\"erphpdown-iframe erphpdown-buy\" href=\"https:\/\/sumju.net\/wp-content\/plugins\/erphpdown\/buy.php?postid=4826&timestamp=1779515769\" target=\"_blank\">\u7acb\u5373\u8d2d\u4e70<\/a><div 
class=\"erphpdown-tips\">\u4f60\u7684\u652f\u6301\u662f\u6211\u66f4\u65b0\u539f\u521b\u7684\u52a8\u529b\uff0c\u5982\u679c\u6709\u7591\u95ee\u8be6\u8be2qq:16900693<\/div><\/div>\noutput {\n    if [type] == \"system-syslog\" {\n\t#stdout { codec =&gt; rubydebug }\n\t\n\telasticsearch { \n\t\thosts =&gt; [\"http:\/\/xxx.xxx.xxx.xxx:9200\"] \n\t\tindex =&gt; \"syslog-%{+YYYY.MM.dd}\"\n\t\ttemplate_overwrite =&gt; true\n\t\t}\n\n\tif [message] =~ \"Security\" {\n        \texec    {\n\t\t\tcommand =&gt; \"\/root\/weixin %{msg}\"\n                        }\n        }\n    }\n\n    if [type] == \"beats\" {\n\t#stdout { codec =&gt; rubydebug }\n       \telasticsearch {\n               \thosts =&gt; [\"http:\/\/xxx.xxx.xxx:9200\"]\n                index =&gt; \"beats-%{+YYYY.MM.dd}\"\n               \ttemplate_overwrite =&gt; true\n               \t}\n\tif [host][hostname] == \"XXXXXX\" {\n\t\texec{\n                      \tcommand =&gt; \"\/root\/weixin ${msg}\"\n                }\n\t}\n    }\n\n    #stdout { codec =&gt; rubydebug }\n}\n<\/code><\/pre>\n<p><strong>安全提示（审阅补充）：<\/strong>上面两处 exec 输出都把事件字段直接拼进 shell 命令行（<code>command =&gt; \"\/root\/weixin %{msg}\"<\/code>）。syslog 输入监听 UDP 514，对来源既不认证也不校验，任何能访问该端口的主机都可以伪造一条包含 \"Security\" 的日志；只要 msg 中带有 <code>;<\/code>、<code>$(...)<\/code> 或反引号等 shell 元字符，就会以 Logstash 进程的身份被执行，这是典型的命令注入。脚本放在 \/root 下也意味着 Logstash 很可能以 root 运行，后果会进一步放大；攻击者还可以用大量匹配事件让 exec 反复拉起进程耗尽资源。建议不要把日志字段当作命令行参数传递：改用 http 输出直接调用微信 webhook，或在 filter 中先用严格白名单（例如只保留字母、数字和中文）清洗后再传，并让 Logstash 以专用的低权限账户运行。另外，beats 分支写的是 <code>${msg}<\/code>，在 Logstash 配置中这是环境变量引用语法而非事件字段引用，与 syslog 分支的 <code>%{msg}<\/code> 不一致，很可能导致启动报错或取到空值，应改为 <code>%{msg}<\/code>（同样需要先清洗）。Elasticsearch 地址使用明文 http 且未配置用户名\/密码，日志在传输和写入时都没有加密和认证，生产环境建议开启 TLS 和认证。<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u8fd1\u4f7f\u7528ELK\u6536\u96c6\u65e5\u5fd7\uff0c\u5229\u7528Logstash\u6536\u96c6syslog\u5230Elasticsearch\u5e76\u4e14\u6536\u5230\u7279\u5b9a&hellip; <a href=\"https:\/\/sumju.net\/?p=4826\" class=\"more-link read-more\" rel=\"bookmark\">\u7ee7\u7eed\u9605\u8bfb <span class=\"screen-reader-text\">Logstash \u5fae\u4fe1\u63d0\u9192<\/span><i class=\"fa 
fa-arrow-right\"><\/i><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[208,14],"tags":[],"class_list":{"0":"post-4826","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-elk","7":"category-linux","8":"h-entry","10":"h-as-article"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/posts\/4826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sumju.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4826"}],"version-history":[{"count":9,"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/posts\/4826\/revisions"}],"predecessor-version":[{"id":6965,"href":"https:\/\/sumju.net\/index.php?rest_route=\/wp\/v2\/posts\/4826\/revisions\/6965"}],"wp:attachment":[{"href":"https:\/\/sumju.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sumju.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sumju.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4826"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}