收集流程 1nxlog => 2logstash => 3elasticsearch
1. nxlog 使用模块 im_file 收集日志文件,开启位置记录功能
2. nxlog 使用模块tcp输出日志
3. logstash 使用input-tcp ,收集日志,并格式化,输出至es
windows上面的nxlog配置文件
nxlog.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
## This is a sample configuration file. See the nxlog reference manual about the## configuration options. It should be installed locally and is also available## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html ## Please set the ROOT to the folder your nxlog was installed into,## otherwise it will not start. #define ROOT C:\Program Files\nxlogdefine ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile %ROOT%\data\nxlog.pidSpoolDir %ROOT%\dataLogFile %ROOT%\data\nxlog.log #<Input in># Module im_msvistalog# For windows 2003 and earlier use the following:# Module im_mseventlog#</Input> <Input testfile> Module im_file
File "C:\\test\\\*.log"
SavePos TRUE
# Include JSON and raw formats# Exec $Message = to_json() + " " + $raw_event;</Input>
<Output out> Module om_tcp
Host 10.8.210.29
Port 514
</Output>
<Route 1> Path testfile => out
</Route>
|
logstash的启动配置文件
logstash.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
input { tcp {
port => 514
}
}filter { json {
source => "message"
}
}output{ elasticsearch {
host => "127.0.0.1"
port => "9200"
protocol => "http"
}
}
|