本人使用rpm方式安装去官网找到下载资源右键复制下载链接
服务器输入命令
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.0.rpm rpm -ivh logstash-6.0.0.rpm安装完之后,先不要启动服务,先配置logstash收集syslog日志:
vim /etc/logstash/conf.d/syslog.conf # 加入如下内容 input { # 定义日志源 syslog { type => "system-syslog" # 定义类型 port => 10514 # 定义监听端口 } } output { # 定义日志输出 stdout { codec => rubydebug # 将日志输出到当前的终端上显示 } }检测配置文件是否有错:
cd /usr/share/logstash/bin ./logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf --config.test_and_exit
命令说明:
--path.settings 用于指定logstash的配置文件所在的目录-f 指定需要被检测的配置文件的路径--config.test_and_exit 指定检测完之后就退出,不然就会直接启动了出现如下ok即配置文件正确,
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties Configuration OK
