安装redis,logstash日志将会存放到redis,再经过redis上的logstash发送到es
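yum -y install redis
# Edit /etc/redis.conf; the `bind` line below is the config directive to set,
# not a shell command. Logstash connects to this Redis with no credentials, so
# only trusted hosts should be able to reach 192.168.1.6:6379; Redis's
# `requirepass` directive can be added in the same file if that cannot be
# guaranteed by the network.
vim /etc/redis.conf
bind 192.168.1.6
# Typo fixed: the init-script action is "start" (was "starthsi").
/etc/init.d/redis start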
连接:
# Connect to the Redis instance from another host. As configured above only
# `bind` is set, so no password is sent here.
redis-cli -h 192.168.1.6
logstash配置测试
[root@elk1 ~]# vim /etc/logstash.conf
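input {
  file {
    path => "/var/log/messages"
    type => "system-log"
  }
  file {
    path => "/root/test.log"
    type => "test.log"
  }
}
output {
  if [type] == "system-log" {
    elasticsearch {
      host => ["192.168.1.4:9200","192.168.1.5:9200"]
      index => "system-messages-%{+YYYY.MM.dd.HH}"
      protocol => "http"
      workers => 5
      template_overwrite => true
    }
  }
  if [type] == "test.log" {
    elasticsearch {
      host => ["192.168.1.4:9200","192.168.1.5:9200"]
      index => "test.log-%{+YYYY.MM.dd.HH}"
      protocol => "http"
      workers => 5
      template_overwrite => true
    }
  }
  # This output is outside both conditionals, so every event of either type
  # is also pushed to Redis. No `password =>` is set, so the Redis host must
  # only be reachable from trusted machines.
  redis {
    host => "192.168.1.6"    # Redis host IP
    data_type => "list"      # store events in a Redis list (was "date_type", a typo)
    key => "test.log"        # list key the events are pushed to
    port => "6379"           # Redis port (was "prot", a typo)
    db => "1"                # Redis db number; lets different log types be kept apart
  }
}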
给/var/log/messages中添加内容,以便于测试:
[root@elk1 ~]# cat /etc/logstash.conf >> /var/log/messages
[root@elk1 ~]# cat /etc/logstash.conf >> /var/log/messages
登录redis查看
[root@yum-down ~]# redis-cli -h 192.168.1.6
redis 192.168.1.6:6379> select 1
OK
redis 192.168.1.6:6379[1]> keys *
1) "test.log"
redis 192.168.1.6:6379[1]> LLEN test.log 查看有多少行
(integer) 75
redis 192.168.1.6:6379[1]> LINDEX test.log -1 查看最后一行
"{"message":"}","@version":"1","@timestamp":"2016-03-20T11:24:04.602Z","host":"elk1","path":"/var/log/messages","type":"system-log"}"
redis 192.168.1.6:6379[1]>
测试完成后在redis机器上安装logstash来读取redis内容到es
# Unpack the Logstash 1.5.5 tarball and point a stable "logstash" symlink at it.
# Compare the archive against the vendor-published checksum/signature before
# unpacking it.
tar -xf logstash-1.5.5.tar.gz
ln -s -v logstash-1.5.5 logstash
logstash配置文件
[root@elk1 ~]# cat /etc/logstash.conf
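input {
  file {
    path => "/var/log/messages"
    type => "system-log"
  }
}
output {
  # Shipper side: every event goes to the Redis list "system.messages" in db 1.
  # The consumer Logstash on the Redis host must read the same key and db.
  # No `password =>` is set; access to 192.168.1.6:6379 relies on the network.
  redis {
    host => "192.168.1.6"
    data_type => "list"
    key => "system.messages"
    port => "6379"
    db => "1"
  }
}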
[root@elk1 ~]#
redis+logstash配置文件
[root@yum-down ~]# cat /etc/logstash.conf
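input {
  # Consumer side: drains the Redis list and forwards it to Elasticsearch.
  # NOTE(review): this reads key "test.log", while the shipper config on elk1
  # writes to key "system.messages" — confirm which key is intended; as
  # written only the earlier test data is consumed.
  redis {
    host => "192.168.1.6"
    data_type => "list"
    key => "test.log"
    port => "6379"
    db => "1"
  }
}
output {
  elasticsearch {
    host => ["192.168.1.4:9200","192.168.1.5:9200"]
    index => "redis-system-messages-%{+YYYY.MM.dd.HH}"
    protocol => "http"
    workers => 5
    template_overwrite => true
  }
}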
[root@yum-down ~]#
[root@elk1 ~]# cat /etc/shadow >> /var/log/messages 插入后,则看到有日志输入(注意:/etc/shadow 含口令哈希,这样会把它写入 /var/log/messages 并经未设密码的redis发到es;测试时应改用不含敏感信息的文件)