一 简介:
通过logstash的tcp/udp插件收集日志,通常用于在向elasticsearch日志补录丢失的部分日志,可以将丢失的日志通过一个TCP端口直接写入到elasticsearch服务器。
二 编写Logstash TCP收集配置文件
[root@localhost ~]# cat /etc/logstash/conf.d/tcp.conf input { tcp { port => "9900" type => "tcplog" } } output { elasticsearch { hosts => ["192.168.10.10:9200"] index => "logstash-tcplog-test-%{+YYYY.MM.dd}" } }
[root@localhost ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf -t
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
Configuration OK
[root@localhost ~]# systemctl restart logstash.service
三 验证
NetCat简称nc,其功能实用,是一个简单、可靠的网络工具,可通过TCP或UDP协议传输读写数据,另外还具有很多其他功能。
[root@Docker ~]# yum -y install nc [root@Docker ~]# echo "test" | nc 192.168.10.172 9900
