导入GPG密钥
# Import the Elastic package-signing key into the rpm keyring so that
# repositories declared with gpgcheck=1 can verify package signatures.
# The key is fetched over HTTPS; before trusting it for production, compare
# the imported key's fingerprint with the one the vendor publishes
# (<VENDOR_PUBLISHED_FINGERPRINT> — placeholder, not on this page).
elastic_gpg_key='https://artifacts.elastic.co/GPG-KEY-elasticsearch'
rpm --import "$elastic_gpg_key"
导入安装源

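# Register the Elastic 5.x yum repository.
# - written through `sudo tee`, the same way the rest of this page gains root
#   (the original `cat >` only works when already running as root)
# - the heredoc delimiter is quoted so nothing in the body is subject to
#   shell expansion; the body is written to the repo file verbatim
# - gpgcheck=1 with gpgkey means packages are verified against the key
#   imported with `rpm --import` earlier on this page
# - autorefresh and type are zypper keys; yum is expected to ignore them
#   (kept so the written file matches the vendor snippet)
sudo tee /etc/yum.repos.d/elasticsearch.repo >/dev/null <<'EOF'
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF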

安装ELKStack
# Install the three stack components from the 5.x repository registered above.
# No -y is given, so yum prompts for confirmation before installing.
elk_pkgs=(elasticsearch logstash kibana)
sudo yum install "${elk_pkgs[@]}"

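# Download and install Filebeat 6.1.0 from the vendor download site.
# -f makes curl fail on an HTTP error instead of saving the error page under
# the .rpm name (which would then fail inside rpm with a confusing message).
# The package signature is checked explicitly before installing: `rpm -i`
# proceeds with only a warning when the signing key is unknown, whereas
# `rpm --checksig` returns non-zero, which stops the chain.
# NOTE(review): the repository above is 5.x while this Beat is 6.1.0 — check
# the vendor compatibility matrix before mixing major versions.
filebeat_rpm='filebeat-6.1.0-x86_64.rpm'
curl -fL -O "https://artifacts.elastic.co/downloads/beats/filebeat/${filebeat_rpm}" \
  && rpm --checksig "$filebeat_rpm" \
  && sudo rpm -vi "$filebeat_rpm"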

测试日志
# Emit a test message into syslog with facility local3 and severity notice,
# tagged "my_test" and carrying the logger PID (-i), so the collectors
# configured below have a known event to look for.
log_tag='my_test'
log_priority='local3.notice'
logger -i -t "$log_tag" -p "$log_priority" 'test_info'

TCP

# Debug pipeline: listen as a TCP server on port 6666 and print every
# received event to stdout with the rubydebug codec.
# No `host` is set, so the input binds to all interfaces (plugin default);
# any peer that can reach the port can inject events — restrict it with
# `host => "127.0.0.1"` or a firewall rule when not testing locally.
input {
tcp {
type => "tcp"   # value of the `type` field set on each event
port => "6666"   # port given as a quoted string; Logstash coerces it to a number (TODO confirm on this version)
mode => "server"   # accept incoming connections rather than connect out
}
}
output {
stdout {
codec => rubydebug   # pretty-printed event structure for inspection
}
}

syslog

# Receive syslog on port 514 and ship each event to Elasticsearch in
# monthly indices.
# No `host` is set, so the input binds to all interfaces (plugin default).
# Port 514 is privileged: binding it needs root or CAP_NET_BIND_SERVICE —
# if the packaged Logstash service runs as an unprivileged user
# (TODO confirm), pick a port >= 1024 or grant the capability.
input {
syslog {
type => "system-syslog"   # value of the `type` field set on each event
port => 514 # numeric value; string values must be enclosed in double quotes
}
}
output {
elasticsearch { # write events to Elasticsearch
hosts => ["10.8.1.55:9200"]   # plain HTTP with no credentials: keep this node reachable only from trusted hosts
index => "system-syslog-%{+YYYY.MM}"   # one index per month, derived from the event's @timestamp
}
}

file

# Tail /var/log/messages and send each line both to stdout (for inspection)
# and to Elasticsearch in monthly indices.
# Logstash must be able to read the file: on many distributions
# /var/log/messages is root-only, so an unprivileged Logstash service would
# see nothing (TODO confirm permissions on the target host).
input{
file{
path => ["/var/log/messages"] # log file path(s) to tail
type => "file-log"   # value of the `type` field set on each event
start_position => "beginning"   # read from the start when the file is first seen; afterwards the sincedb position is used
}
}
output{
stdout {
codec => rubydebug   # pretty-printed event structure for inspection
}
elasticsearch {
hosts => ["10.8.1.26:9200"]   # plain HTTP with no credentials; note this differs from the syslog example's host
index => "file-log-%{+YYYY.MM}"   # one index per month, derived from the event's @timestamp
}
}

2.x

# Register the legacy 2.x-era repositories (Elasticsearch 2.x, Kibana 4.4,
# Logstash 2.2). Each repo file is written verbatim via `sudo tee`, which
# also echoes the written content to stdout.
# These write the same /etc/yum.repos.d/elasticsearch.repo as the 5.x
# snippet earlier on this page, so only one of the two sets should be used.
# baseurl and gpgkey are plain http:// here: gpgcheck=1 still verifies
# package signatures, but the key itself is fetched unauthenticated on first
# use — verify the imported key's fingerprint against the vendor's published
# value, and prefer https if the host serves it.
sudo tee /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

EOF
sudo tee /etc/yum.repos.d/kibana.repo <<'EOF'
[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
sudo tee /etc/yum.repos.d/logstash.repo <<'EOF'
[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
EOF