如何集中 rsyslogs 并用作 logstash 的输入?
How can I centralize rsyslogs and use as input for logstash?
我想从我的客户端服务器发送我的 rsyslogs 并将它们用作我的 logstash 中的输入,这是我在网上找到的:
在我的客户端上,我将此行添加到我的 rsyslog.conf :
$ModLoad imuxsock
$ModLoad imklog
# Provides UDP forwarding. The IP is the server's IP address
*.* @192.168.1.1:5040
# Provides TCP forwarding. But the current server runs on UDP
# *.* @@192.168.1.1:5040
并将此行添加到我的服务器:
# provides support for local system logging
$ModLoad imuxsock
# provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# provides UDP syslog reception. For TCP, load imtcp.
$ModLoad imudp
# For TCP, InputServerRun 514
$UDPServerRun 514
# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
# Log all messages to the dynamically formed file. Now each clients log (192.168.1.2, 192.168.1.3,etc...), will be under a separate directory which is formed by the template FILENAME.
*.* ?FILENAME
并在客户端和服务器上重新启动我的 rsyslog,然后在我的 logstash 中我这样描述我的输入:
input {
tcp {
port => 5040
type => syslog
}
udp {
port => 5040
type => syslog
}
}
但它什么也没做,当我按下 control + C 时,它显示了这个错误:
SIGINT received. Shutting down the pipeline. {:level=>:warn}
UDP listener died {:exception=>#<IOError: closed stream>, :backtrace=>["org/jruby/RubyIO.java:3682:in `select'", " ...
我什至在我的 logstash 中使用 syslog 作为输入,但结果是一样的。
input {
syslog {
port => 5040
type => syslog
}
}
这是我的 logstash 的输出部分:
output {
stdout { }
solr_http {
solr_url => "http://localhost:8983/solr/logstash_logs"
}
}
我应该怎么做才能解决它?
问题是因为我的firewalld和iptables!在我禁用它们之后,一切正常!
systemctl disable firewalld.service
systemctl disable iptables.service
我想从我的客户端服务器发送我的 rsyslogs 并将它们用作我的 logstash 中的输入,这是我在网上找到的:
在我的客户端上,我将此行添加到我的 rsyslog.conf :
$ModLoad imuxsock
$ModLoad imklog
# Provides UDP forwarding. The IP is the server's IP address
*.* @192.168.1.1:5040
# Provides TCP forwarding. But the current server runs on UDP
# *.* @@192.168.1.1:5040
并将此行添加到我的服务器:
# provides support for local system logging
$ModLoad imuxsock
# provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# provides UDP syslog reception. For TCP, load imtcp.
$ModLoad imudp
# For TCP, InputServerRun 514
$UDPServerRun 514
# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
# Log all messages to the dynamically formed file. Now each clients log (192.168.1.2, 192.168.1.3,etc...), will be under a separate directory which is formed by the template FILENAME.
*.* ?FILENAME
并在客户端和服务器上重新启动我的 rsyslog,然后在我的 logstash 中我这样描述我的输入:
input {
tcp {
port => 5040
type => syslog
}
udp {
port => 5040
type => syslog
}
}
但它什么也没做,当我按下 control + C 时,它显示了这个错误:
SIGINT received. Shutting down the pipeline. {:level=>:warn}
UDP listener died {:exception=>#<IOError: closed stream>, :backtrace=>["org/jruby/RubyIO.java:3682:in `select'", " ...
我什至在我的 logstash 中使用 syslog 作为输入,但结果是一样的。
input {
syslog {
port => 5040
type => syslog
}
}
这是我的 logstash 的输出部分:
output {
stdout { }
solr_http {
solr_url => "http://localhost:8983/solr/logstash_logs"
}
}
我应该怎么做才能解决它?
问题是因为我的firewalld和iptables!在我禁用它们之后,一切正常!
systemctl disable firewalld.service
systemctl disable iptables.service