1.配置收集日志
[root@web01 ~]# vim /etc/logstash/conf.d/tcp.conf
# Logstash pipeline (/etc/logstash/conf.d/tcp.conf): read raw lines from a TCP
# listener and print every resulting event to the console.
input {
  # Server mode: Logstash itself listens on TCP 1234 and accepts inbound
  # connections. No `host` is set, so the plugin's default bind address applies
  # (0.0.0.0 per the tcp input documentation - confirm for your version); the
  # examples on this page reach the listener via both 172.16.1.7 and 10.0.0.7.
  # No TLS or client authentication is configured in this block, so any host
  # that can reach the port can submit events. Treat "message" as untrusted
  # input, and limit exposure with a firewall rule or an explicit `host`
  # whenever this runs outside a lab network.
  tcp {
    mode => "server"
    port => "1234"
  }
}

output {
  # No codec is specified; the sample events on this page are printed in the
  # rubydebug layout.
  stdout {}
}
2.使用telnet测试
[root@db02 ~]# telnet 172.16.1.7 1234
Trying 172.16.1.7...
Connected to 172.16.1.7.
Escape character is '^]'.
123
345
#输出内容
{
"@timestamp" => 2020-08-17T02:23:05.833Z,
"host" => "172.16.1.52",
"port" => 33002,
"message" => "
",
"@version" => "1"
}
{
"@timestamp" => 2020-08-17T02:23:32.562Z,
"host" => "172.16.1.52",
"port" => 33002,
"message" => "123
",
"@version" => "1"
}
{
"@timestamp" => 2020-08-17T02:23:38.300Z,
"host" => "172.16.1.52",
"port" => 33002,
"message" => "345
",
"@version" => "1"
}
3.使用nc工具测试
#安装
[root@db02 ~]# yum install -y nc
#使用nc工具
[root@db02 ~]# nc 172.16.1.7 1234
123
456
#使用nc工具把nginx访问日志实时发送到logstash服务器（明文TCP、无认证，日志内容在网络上不加密传输，仅建议在受信任的内网中使用）
[root@web01 ~]# tail -f /var/log/nginx/access.log | nc 10.0.0.7 1234 &
[1] 29595
#通过bash的/dev/tcp伪设备发送数据（这是bash内置的重定向功能，并非真实的设备文件）
[root@web01 ~]# echo "伪设备测试" > /dev/tcp/10.0.0.7/1234
4.收集日志到ES
[root@web01 ~]# vim /etc/logstash/conf.d/tcp.conf
# Logstash pipeline (/etc/logstash/conf.d/tcp.conf): same TCP listener as
# before, but events are indexed into Elasticsearch instead of being printed.
input {
  # Listens on TCP 1234 with no `host`, TLS or client-authentication settings
  # in this block, so whatever a reachable client sends to the port is turned
  # into an event and ends up in the index below. Treat the content as
  # untrusted and restrict who can reach the port.
  tcp {
    mode => "server"
    port => "1234"
  }
}

output {
  elasticsearch {
    # One index per day; the date part is formatted from the event's @timestamp.
    index => "tcp_log_%{+YYYY-MM-dd}"
    # The host is given without a scheme and no credentials or TLS options are
    # set here - presumably the cluster at 10.0.0.51 accepts unauthenticated
    # plain HTTP in this lab; confirm before reusing this against a secured or
    # production cluster.
    hosts => ["10.0.0.51:9200"]
  }
}