preface
tcp模块的使用场景如下: 有一台服务器A只需要收集一个日志,那么我们就可以不需要在这服务器上安装logstash,我们通过在其他logstash上启用tcp模块,监听某个端口,然后我们在这个服务器A把日志通过nc发送到logstash上即可。
tcp模块的使用
在linux-node2上操作
我们参考官网的资料:https://www.elastic.co/guide/en/logstash/2.3/plugins-inputs-tcp.html
下面就配置下这个logstash的配置
[root@linux-node2 ~]# cat /etc/logstash/conf.d/tcp.conf
input {
tcp {
type => "tcp"
port => "6666"
mode => "server"
}
}
filter {
}
output {
stdout {
codec => rubydebug
}
}
确认配置文件无误且6666端口未被占用,那么启动logstash
[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf
确保监听了6666端口
[root@linux-node2 ~]# netstat -nplt |grep 6666
tcp 0 0 :::6666 :::* LISTEN 38047/java
发送日志到logstash的6666端口
linux-node1上操作。
我们通过nc来发送日志,所以先确保nc安装好了。
[root@linux-node1 ~]# yum -y install nc
通过nc发送日志,下面两种方式任选一种即可:
[root@linux-node1 ~]# cat /tmp/yum_save_tx-2016-12-08-07-03_CKPSb.yumtx |nc 192.168.141.4 6666
[root@linux-node1 ~]# nc 192.168.141.4 6666 < /tmp/yum_save_tx-2016-12-08-07-11oupqpM.yumtx
也可以通过这种方式伪设备的方式发送日志:
[root@linux-node1 ~]# echo "what the fuck" >/dev/tcp/192.168.141.4/6666
我们切换到linux-node2终端上查看,确实有日志输出了,如下所示:
[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f tcp.conf
Settings: Default pipeline workers: 2
Pipeline main started
{
"message" => "931:e004f280ad535bc891439aca30a0a889ec7c5ec7",
"@version" => "1",
"@timestamp" => "2016-12-11T03:08:00.744Z",
"host" => "192.168.141.3",
"port" => 33616,
"type" => "tcp"
}
{
"message" => "0",
"@version" => "1",
"@timestamp" => "2016-12-11T03:08:00.746Z",
"host" => "192.168.141.3",
"port" => 33616,
"type" => "tcp"
}
。。。。。