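Graylog offers many ways to collect logs. Here we use Graylog's own collector-sidecar. There are many collection setups and I won't go over them again here; a simple diagram is shown below:
Official page: http://docs.graylog.org/en/latest/pages/collector_sidecar.html
To install nxlog, see:
yum install http://nxlog.co/system/files/products/files/1/nxlog-ce-2.9.1716-1_rhel7.x86_64.rpm
Client installation: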
[root@linuxea-113 /etc]# yum install -y https://github.com/Graylog2/collector-sidecar/releases/download/0.0.9/collector-sidecar-0.0.9-1.x86_64.rpm
[root@linuxea-113 /etc]# graylog-collector-sidecar -service install
Configure the sidecar to send nginx's access.log to Graylog, as follows:
[root@linuxea-113 /etc]# cat /etc/graylog/collector-sidecar/collector_sidecar.yml
server_url: http://10.10.240.117:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
  - /var/log/nginx/access.log
node_id: 10.0.1.49
collector_id: file:/etc/graylog/collector-sidecar/collector-id
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - nginx_access
backends:
  # - name: nxlog
  #   enabled: false
  #   binary_path: /usr/bin/nxlog
  #   configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
    configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml
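With the configuration in place, start collector-sidecar.
1. Open the web interface and select Collectors from the System drop-down menu.
2. Select Manage configurations.
3. Create a configuration.
4. Create an output; hosts is the Graylog IP address.
5. Create an input; under "type of input file", select the output's name.
6. The tags here must match the tags in the configuration file.
7. Once this is set up, go back to Collectors: the name given in node_id and the tag names are shown, which means it is working.
8. In System > Inputs, select Beats and create a new input; when you see traffic moving, the configuration has taken effect.
You can now see that the logs are being collected. Other features will be covered next time.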
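A quick static check of collector_sidecar.yml before starting the sidecar, as an added example that is not part of the original post or of the Graylog project. The function name sidecar_lint and the choice of checks are assumptions made here; note that tls_skip_verify only comes into play once server_url is an https URL.

```sh
#!/bin/sh
# Added example (not from the original post): static checks on collector_sidecar.yml.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
sidecar_lint() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^[^ \t-]/ {                                 # top-level "key: value" line
        key = $1; sub(/:$/, "", key)
        if (key == "server_url")      url  = $2
        if (key == "tls_skip_verify") skip = $2
        next
    }
    key == "tags"     && $1 == "-" && $2 != ""            { ntags++ }
    key == "backends" && $1 == "enabled:" && $2 == "true" { nenabled++ }
    END {
        if (url ~ /^http:/) f[++n] = "server_url: plain http, sidecar API traffic is unencrypted"
        if (url == "")      f[++n] = "server_url: not set"
        if (skip == "true") f[++n] = "tls_skip_verify: true, server certificate is not checked"
        if (ntags == 0)     f[++n] = "tags: none set, nothing to match a web-interface configuration"
        if (nenabled == 0)  f[++n] = "backends: no backend is enabled"
        for (i = 1; i <= n; i++) print f[i]
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the configuration from this page, with indentation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server_url: http://10.10.240.117:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
  - /var/log/nginx/access.log
node_id: 10.0.1.49
tags:
  - nginx_access
backends:
  # - name: nxlog
  #   enabled: false
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
EOF
sidecar_lint "$sample" || echo "findings: review before starting the sidecar"
rm -f "$sample"
```

Run against the configuration above, it reports the plain-http server_url and nothing else.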