Logstash

如何執行logstash-2.4.0

  • September 18, 2016

當我嘗試 ELK 時,我安裝了 logstash-2.4.0。我寫了log4j_to_es.conf. 當我執行時./bin/logstash agent -f config/log4j_to_es.conf出現錯誤。

Settings: Default pipeline workers: 4
Pipeline aborted due to error {:exception=>"Errno::EADDRNOTAVAIL", :backtrace=>[
"org/jruby/ext/socket/RubyTCPServer.java:118:in `initialize'", 
"org/jruby/RubyIO.java:871:in `new'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java/lib/logstash/inputs/log4j.rb:71:in `register'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:330:in `start_inputs'", 
"org/jruby/RubyArray.java:1613:in `each'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:329:in `start_inputs'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:180:in `start_workers'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'", 
"/home/tools/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"], 
:level=>:error}
stopping pipeline {:id=>"main"}

log4j_to_es.conf這樣的:

input {
 log4j {
   mode => "server"
   host => "120.13.243.95"
   port => 4567
 }
}
output {
 elasticsearch {
   action => "index"
   hosts  => "192.168.1.54:9200"
   index  => "applog"
 }
}

系統為 CentOS 7.2.1511。輸入是另一台伺服器。輸出是本地主機。

您在輸入中指定的 IP 地址在您執行 logstash 的系統上不可用。我假設您提供的 IP 是發送日誌的系統的 IP 地址?

如果是這樣,您誤解了配置語法。您無需在輸入中指定 IP 地址。如果您省略該條目,logstash 將偵聽所有可用介面。另一方面,如果您確實只希望 logstash 偵聽特定 IP,則需要確保指定的 IP 是在 logstash 伺服器上配置的。

– 編輯:你想讓logstash 接收你的log4j 發送的消息嗎?如果是這樣,則適用上述修復。另一方面,如果您希望 logstash 連接到遠端伺服器上的 log4j 實例,那麼您只需將“模式”從“伺服器”更改為“客戶端”。

您是否閱讀過logstash log4j 文件?這一切都非常清楚。

引用自:https://serverfault.com/questions/803785