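1 Software environment
All software used in this installation is the latest version currently available from the official website.

| Operating system | Software | Java environment |
|---|---|---|
| Windows 10 | logstash-6.2.4 | jdk 1.8.0_171 |
| | filebeat-6.3.0 | |
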
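1.1 Filebeat installation (Note: after configuring the file, do not start Filebeat yet. Logstash must be started first; otherwise the output connection fails and Filebeat reports an error.)
a. Unzip filebeat-6.3.0.zip to a path of your choice.
b. Go into the filebeat folder, find filebeat.yml, and configure its input and output.
The input configuration is as follows. (Note: enabled must be set to true for the input configuration to take effect. The paths point to the logs you want to collect, and more than one can be listed.)

    #=========================== Filebeat inputs =============================
    filebeat.inputs:

    # Each - is an input. Most options can be set at the input level, so
    # you can use different inputs for various configurations.
    # Below are the input specific configurations.
    - type: log

      # Change to true to enable this input configuration.
      enabled: true

      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        - D:\APP_Center\workspace\eclipse\ELK_Log\log\*.log
        #- /var/log/*.log
        #- c:\programdata\elasticsearch\logs\*

The output configuration is as follows. (Comment out the default elasticsearch output and configure the logstash output instead; all other settings can stay at their defaults.)

    #----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["127.0.0.1:5044"]
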
1.2 Logstash installation
a. Unzip logstash-6.2.4.zip to a path of your choice.
b. In the bin directory, create a new configuration file, logstash-simple.conf (any name will do). The input comes from Filebeat, and the output here is the simplest option, standard output:

    input {
      beats {
        host => "127.0.0.1"
        port => 5044
        type => "log4j"
      }
    }
    output {
      stdout {
        codec => rubydebug
      }
    }

1.3 Startup
a. Start Logstash first: open a Windows cmd window, change to the bin directory that contains the configuration file, and start Logstash:

    logstash -f logstash-simple.conf

Output like the following means Logstash started successfully.

    Sending Logstash's logs to D:/logstash-6.2.4/logs which is now configured via log4j2.properties
    [2018-07-04T11:08:37,244][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"D:/logstash-6.2.4/modules/fb_apache/configuration"}
    [2018-07-04T11:08:37,279][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"D:/logstash-6.2.4/modules/netflow/configuration"}
    [2018-07-04T11:08:37,565][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
    [2018-07-04T11:08:38,413][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.2.4"}
    [2018-07-04T11:08:39,318][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
    [2018-07-04T11:08:51,885][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
    [2018-07-04T11:08:53,823][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>"127.0.0.1:5044"}
    [2018-07-04T11:08:53,928][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x3028b1de run>"}
    [2018-07-04T11:08:54,028][INFO ][org.logstash.beats.Server] Starting server on port: 5044
    [2018-07-04T11:08:54,183][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}

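b. Then start Filebeat: open a Windows cmd window, change to the Filebeat directory, and enter the start command. (Alternatively, hold Ctrl+Shift and right-click to open a PowerShell window.)

    filebeat.exe -e -c filebeat.yml

c. If you see the screen below, Filebeat has started successfully: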
![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLiAzNvwVZ2x2bzNXak9CX90TQNNkRrFlQKBTSvwFbslmZvwFMwQzLcVmepNHdu9mZvwFVywUNMZTY18CX052bm9CX9cmaOVTQE1EeJRVT3V1MMBjVtJWd0ckW65UbM5WOHJWa5kHT20ESjBjUIF2LcRHelR3LcJzLctmch1mclRXY39DMwkTNxIzM1EDNwcDM4EDMy8CX0Vmbu4GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.jpg)
d. From this point on, whenever new log entries are produced, Logstash prints them to standard output.
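
A pre-flight check for the start-up order described in 1.1 and 1.3, as an added example that is not part of the original page: it waits for the Logstash Beats listener, confirms the port is bound to loopback only (the beats input above configures no TLS or authentication), validates filebeat.yml, and then starts Filebeat. It assumes PowerShell on Windows 10, the address and port from the configuration above, and that it is run from the Filebeat folder; the timeout value is an arbitrary choice.

```powershell
# Pre-flight check before starting Filebeat (added example, not from the original page).
# Assumptions: run from the Filebeat folder; port matches logstash-simple.conf above.
$Port       = 5044
$Loopback   = @('127.0.0.1', '::1')
$TimeoutSec = 120   # arbitrary; Logstash needs some time before it opens the port

# 1. Wait until something is listening on the Beats port (Logstash must start first).
$deadline  = (Get-Date).AddSeconds($TimeoutSec)
$listeners = @()
while ((Get-Date) -lt $deadline) {
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    if ($listeners.Count -gt 0) { break }
    Start-Sleep -Seconds 2
}
if ($listeners.Count -eq 0) {
    Write-Error "Nothing is listening on port $Port; start Logstash first."
    exit 1
}

# 2. The beats input in this setup has no TLS or authentication,
#    so the listener must not be reachable from other hosts.
$exposed = @($listeners | Where-Object { $_.LocalAddress -notin $Loopback })
if ($exposed.Count -gt 0) {
    Write-Error "Port $Port is bound to $($exposed.LocalAddress -join ', '), not loopback only."
    exit 1
}

# 3. Validate filebeat.yml, then the connection to the configured Logstash output.
& .\filebeat.exe test config -c filebeat.yml
if ($LASTEXITCODE -ne 0) { Write-Error 'filebeat.yml failed validation.'; exit 1 }

& .\filebeat.exe test output -c filebeat.yml
if ($LASTEXITCODE -ne 0) { Write-Error 'Filebeat cannot reach the Logstash output.'; exit 1 }

# 4. Everything checks out: start Filebeat in the foreground, as in step b.
& .\filebeat.exe -e -c filebeat.yml
```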