Create a conf file in the /etc/logstash/conf.d directory.
Input:
Here we collect the system messages log and the secure log.
Set the messages and secure log files to mode 644 with chmod (to grant read permission).
Output:
Events of type messageslog are output to es and to the local file /tmp/messages.log.
Events of type securelog are output to es.
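A pipeline file matching the input and output described above, as an added example that is not the original author's configuration. The file name, the two log paths, the es address and the index names are assumptions; only the type names and /tmp/messages.log come from the text.

```conf
# /etc/logstash/conf.d/system.conf  (file name is an assumption)
input {
  file {
    path => "/var/log/messages"      # assumed path of the system messages log
    type => "messageslog"
    start_position => "beginning"    # read existing content on the first run
  }
  file {
    path => "/var/log/secure"        # assumed path of the secure (auth) log
    type => "securelog"
    start_position => "beginning"
  }
}

output {
  # messageslog events go to es and to a local file
  if [type] == "messageslog" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]       # assumed es address
      index => "messageslog-%{+YYYY.MM.dd}"    # assumed index name
    }
    file {
      path => "/tmp/messages.log"
    }
  }
  # securelog events go to es only
  if [type] == "securelog" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]       # assumed es address
      index => "securelog-%{+YYYY.MM.dd}"      # assumed index name
    }
  }
}
```

Mode 644 makes the secure log readable by every local user; granting read access only to the account that runs logstash (for example with a file ACL) lets the file input read it without that exposure.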
Use -t to check that the configuration is valid; if there is an error, fix the problem according to the error message.
Note: the log files we want to collect must be given 644 permissions, otherwise logstash will not have permission to read their contents.
Once the check reports no problems, run:
Go to es to see whether the index has been created:
The log content is there as well.
Go to kibana and configure an index to obtain the es data:
View the indexes kibana recognizes:
Create an index:
Here we can see the two indexes that were created:
Click Discover to view the index:
The manual logstash tests are all normal at this point, so there is no need to keep using -e, -f and -t for testing; start the service directly and let the system manage it.
Start:
[root@elk03 log]# systemctl start logstash.service
Enable start at boot:
[root@elk03 log]# systemctl enable logstash.service
For startup details, check the log:
[root@elk03 log]# tail -f /var/log/logstash/logstash-plain.log