安装haproxy配置rsyslog
节点规划:
- haproxy+rsyslog:80.106
- logstash:80.108
- es:80.106+80.107组成的es集群
- kibana:80.106+80.107各有一个kibana实例
-
安装haproxy
yum install -y haproxy -
修改haproxy配置文件,定义日志用本地rsyslog接收
log 127.0.0.1 local2 listen kibana bind 0.0.0.0:80 mode http log global server 192.168.80.107 192.168.80.107:5601 check 定义haproxy日志用local2接收,并定义了一个代理段,代理了107上的kibana端口,用于测试 -
配置rsyslog
$ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 local2.* /var/log/haproxy.log local2.* @@192.168.80.108:1514 开启udp和tcp的传输 local2日志一份存储到本地的haproxy.log日志,一份存发送到logstash主机的1514上,1514正是logstash用于接收数据的tcp类型的input -
重启haproxy和rsyslog
[root@es1 ~]# systemctl restart haproxy rsyslog
配置logstash
配置logstash接收tcp类型input
其来源为rsyslog接收的haproxy日志并通过tcp连接发送到logstash监听的tcp端口
cat haproxy-via-rsyslog.conf
input {
syslog {
port => 1514
type => "rsyslog-80-106"
}
}
output {
if [type] == "rsyslog-80-106" {
elasticsearch {
hosts => ["192.168.80.107:9200"]
index => "rsyslog-80-106-%{+YYYY.MM.dd}"
}
}
}
input类型为1514,监听该端口接收到的rsyslog数据
语法测试并启动logstash
[root@logstash conf.d]# logstash -f haproxy-via-rsyslog.conf -t
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-12-12 18:30:26.889 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[root@logstash conf.d]# logstash -f haproxy-via-rsyslog.conf
访问haproxy
浏览器访问haproxy生成一些日志,
kibana管理索引
创建索引
discover界面查看数据
