准备两台 Linux 宿主机：
linux-node1: Elasticsearch + Logstash + Kibana
linux-node2: Logstash + redis
linux-node1 安装 ELK，并配置 Logstash 将 Redis 中的数据送给 ES
[root@linux-node1 conf.d]# cat redis-to-es.conf
# Input side of redis-to-es.conf: reads events from a Redis list and passes
# them to the output section of this pipeline.
input {
redis {
host => "192.168.200.4" # IP address of the Redis instance on linux-node2
port => "6379"
# Must match `requirepass` in the Redis server's redis.conf. "123456" is a
# trivially guessable demo value kept in cleartext in this file; use a long
# random secret, and consider referencing it as ${VAR} resolved from the
# environment or the Logstash keystore instead of writing it inline.
# NOTE(review): no TLS options are set, so the AUTH password and the log data
# presumably cross the network unencrypted; keep this link on a trusted
# segment or enable TLS on both ends.
password => "123456"
db => "0"
# List mode: entries are consumed from the list named by `key`, so the
# producer has to write to the same db and key with data_type "list".
data_type => "list"
key => "logstash"
}
}
# Output side of redis-to-es.conf: indexes every event into Elasticsearch,
# one index per day.
output {
elasticsearch {
# NOTE(review): no user/password or TLS settings are given, so this presumably
# relies on the node at 192.168.200.99:9200 accepting unauthenticated HTTP.
# Confirm that, and limit which hosts can reach port 9200.
hosts => ["192.168.200.99:9200"]
# %{+YYYY.MM.dd} is expanded from the event timestamp, giving index names such
# as logstash_syslog-2024.01.31 (constructed example).
index => "logstash_syslog-%{+YYYY.MM.dd}"
}
}
利用supervisor自启 redis-to-es.conf
linux-node2 安装 Logstash 和 Redis，并配置 Logstash 将数通网络设备的 syslog 日志写入 Redis
# Install the EPEL repo definition, then Redis from it.
# NOTE(review): the repo file is fetched over plain HTTP and written into
# /etc/yum.repos.d as root, so anyone on the network path could alter which
# baseurl/gpgkey yum will trust. Prefer the mirror's HTTPS URL if it offers
# one, and check the downloaded file keeps gpgcheck enabled before installing.
[root@linux-node2 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@linux-node2 ~]# yum install -y redis
[root@linux-node2 ~]# vim /etc/redis.conf
# Listen on every interface so that Logstash on the other host can connect.
# NOTE(review): 0.0.0.0 also exposes Redis to any other machine that can route
# to this host. Bind to the specific internal address where possible and
# firewall port 6379 so that only the Logstash hosts can reach it.
bind 0.0.0.0
# Clients must authenticate with this password; it has to match the `password`
# setting in both Logstash pipeline files. "123456" is a demo value that is
# among the first guesses in any password list; replace it with a long random
# string and keep redis.conf readable only by the Redis service account.
requirepass 123456
[root@linux-node2 ~]# systemctl start redis && systemctl enable redis
安装logstash步骤省略
[root@cobbler-200 ~]# cat /etc/logstash/conf.d/syslog-to-redis.conf
# Input side of syslog-to-redis.conf: receives syslog datagrams from the
# network devices over UDP.
input {
udp {
# NOTE(review): 514 is below 1024, so binding it normally requires root or
# CAP_NET_BIND_SERVICE; the page does not show which account Logstash runs as.
# UDP syslog carries no sender authentication, so restrict this port by
# firewall to the management addresses of the devices that should log here.
port => "514"
# Sets the `type` field of each event to "syslog".
type => "syslog"
}
}
# Output side of syslog-to-redis.conf: queues every received event in Redis
# for the redis-to-es pipeline to pick up.
output {
redis {
host => ["192.168.200.4:6379"] # IP address of the Redis instance on linux-node2
# Must match `requirepass` in redis.conf. "123456" is a weak demo value stored
# in cleartext; use a long random secret and consider a ${VAR} reference
# resolved from the environment or the Logstash keystore.
password => "123456"
# db, data_type and key must be identical to the redis input in
# redis-to-es.conf, otherwise the consumer reads from a different list.
db => "0"
data_type => "list"
key => "logstash"
}
}
利用supervisor自启 syslog-to-redis.conf
华为网络设备侧配置如下
# Huawei device side: set the clock and send logs to the remote syslog collector.
# Time zone named "UTC" with an offset of +08:00.
clock timezone UTC add 08:00:00
# NOTE(review): NTP is pointed at a single server with no authentication shown;
# log timestamps are only as trustworthy as this time source, so prefer an
# internal or authenticated NTP server if one is available.
ntp-service unicast-server 120.25.115.20
# Presumably stops trap-type messages from being sent on channel 2 (the log
# host channel), leaving only log messages; verify against the device manual.
info-center source default channel 2 trap state off
# Source interface used for packets sent to the log host.
info-center loghost source Vlanif100
# Set this to the IP of the host that receives syslog. In this setup that is
# linux-node2, which runs both Redis and the Logstash UDP 514 input.
info-center loghost 192.168.200.4
# Use the date format for timestamps on log messages.
info-center timestamp log format-date