Logstash input{} syslog插件
input插件rsyslog
输出至屏幕
[root@node1 conf.d]# cat syslog.conf
input{
syslog{
type => "system-syslog"
port => 514
}
}
filter{
}
output{
stdout{
codec => rubydebug
}
}
[root@node1 conf.d]# /opt/logstash/bin/logstash -f syslog.conf
修改rsyslog配置文件
[root@node1 ~]# vim /etc/rsyslog.conf
*.* @@192.168.79.103:514
[root@node1 ~]# systemctl restart rsyslog
输出至es
[root@node1 conf.d]# cat syslog.conf
input{
syslog{
type => "system-syslog"
port => 514
}
}
filter{
}
output{
elasticsearch{
hosts => ["192.168.79.103:9200"]
index => "system-syslog-%{+YYYY.MM}"
}
}
[root@node1 conf.d]# /opt/logstash/bin/logstash -f syslog.conf