使用 logstash-forwarder 采集 AIX 小型机操作案例

一、使用背景

在AIX系统下,filebeat 是不支持的,logstash 也是不支持的,本次案例中ELK的架构是filebeat+kafka+logstash+elasticsearch+kibana 在aix 中只能使用 logstash-forwarder 采集日志,但是 logstash-forwarder 并没有kafka output插件,所以只能是小型机中日志通过 logstash-forwarder + logstash + elasticsearch + kibana 架构,跳过 kafka 。

二、logstash 服务端配置

1、我们首先需要生成证书:
cd /etc/pki/tls
sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
2、执行命令生成密钥文件keystore.jks
keytool -importcert -trustcacerts -file logstash-forwarder.crt -alias ca -keystore keystore.jks

说明:

keytool:是java/bin命令 任意路径执行即可,当前路径下会生成 keystore.jks,将文件拷贝到aix小型机备用。

3、logstash服务端配置文件
input{

       lumberjack {

       port => 5000//要跟客户端一致

       ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"

       ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

       type => "access"//要跟客户端一致,可以分类型处理。

    }

}


output {
    stdout{codec==>rubydebug} //输出到控制台,测试与客户端是否通信成功

}

小知识:lumberjack 是 logstash-forwarder 还没用 Golang 重写之前的名字,这里需要安装 logstash-input-lumberjack 插件, 我的环境是离线的,所以需要离线安装logstash插件。

4、离线安装logstash-input-lumberjack 插件

首先需要在联网环境的logstash下安装logstash-input-lumberjack插件,然后再打包,拷贝到离线环境下安装。

cd /usr/share/logstash/bin/
./logstash-plugin install logstash-input-lumberjack
./logstash-plugin prepare-offline-pack logstash-input-lumberjack

执行后会输出:

Offline package created at: /usr/share/logstash/logstash-offline-plugins-6.5.0.zip

You can install it with this command
`bin/logstash-plugin install file:///usr/share/logstash/logstash-offline-plugins-6.5.0.zip`

在logstash服务端安装

bin/logstash-plugin install file:///usr/share/logstash/logstash-offline-plugins-6.5.0.zip
5、启动logstash进程
./logstash -f /etc/logstash/conf.d/lumberjack-input.conf

三、AIX客户端

1、安装 logstash-forwarder

下载地址:https://github.com/didfet/logstash-forwarder-java/releases/tag/0.2.4 下载文件,并解压文件到AIX小型机上,logstash-forwarder-java-0.2.4-bin.tar.gz

2、编写配置文件 test.conf
{
  "network": {
    "servers": [ "10.18.10.2:5000" ],
      "timeout": 15,
      "ssl ca" : "/path/to/keystore.jks"

  },
  "files": [
    {
      "paths": [
        "/path/to/log"
       ],
      "fields": { "type": "access" }
    }
  ]
}
3、启动进程
java -jar logstash-forwarder-java-X.Y.Z.jar -config /path/to/config/test.conf

查看客户端和服务端是否有报错。

参考文档:

1.https://blog.csdn.net/cysunc/article/details/83099433

2. https://github.com/chenryn/ELKstack-guide-cn/blob/b79047ac51baeec90f5850f2e86eb16982e90d73/logstash/scale/logstash-forwarder.md

3. https://www.elastic.co/guide/en/logstash/7.10/plugins-inputs-lumberjack.html#plugins-inputs-lumberjack

发表评论

评论列表,共 6 条评论

  • נערות ליווי בצפון

    "A fascinating discussion is worth comment. I do believe that you ought to publish more on this subject, it may not be a taboo matter but usually people don't speak about these topics. To the next! Cheers!!"

  • Ellenwip

    Spring sale - http://seo-swat.ru//WRPe1

  • LarryGuh

    The matchless theme, very much is pleasant to me :)
    <a href=https://unprotectedhex.com>unprotectedhex.com</a>

  • Randythuse

    I am final, I am sorry, but I suggest to go another by.
    <a href=https://nicebdsm.com>nicebdsm</a>

  • RobertThand

    I think, what is it — a false way. And from it it is necessary to turn off.
    <a href=https://nicebdsm.com>nicebdsm</a>

  • Davidprone

    It is remarkable, rather valuable phrase