负责收集本地日志,传送给远程的logstash,新建一个forward.conf文件
{
"network": {
"servers": [ "localhost:5043" ],
"ssl ca":"/path/to/localhost.crt",
"timeout": 15
},
"files": [
{
"paths": [ "/path/to/sample-log" ],
"fields": { "type": "apache" }
}
]}
在logstash中的配置文件input中,加入lumberjack指定数据来源
lumberjack {
port => "5043"
ssl_certificate => "/path/to/ssl-cert"
ssl_key => "/path/to/ssl-key"
}
logstash多日志处理方式input中分别处理syslog,apache日志,指定type,在filter中制定不同规则
input {
file {
path => "/var/log/messages"
type => "syslog"
}
file {
path => "/var/log/apache/access.log"
type => "apache"
}
}
filter{
if[type] == "syslog"{
...
}
if[type] == "apache"{
...
}
}
output{
if[type] == "syslog"{ ... }
if[type] == "apache"{ ... }
}
网友评论