0. ELK is assumed to be installed and running already. If you still need to install it, see here.
1. Test the port directly with a TCP client
1.1 Create the configuration file
# Create a new pipeline configuration file
sudo vim /etc/logstash/conf.d/tcp.conf
# Add the following configuration (the port must match the one the client sends to below, 5699)
input{
tcp{
port => 5699
mode => "server"
type => "tcplog"
}
}
output{
stdout{
codec => rubydebug
}
}
1.2 Start Logstash with this pipeline
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf
1.2.1 From another machine, pipe a message to the port with nc
echo "nc-test" | nc 192.168.108.117 5699
With the default line codec, every newline-terminated line received on the socket becomes one event, printed by the rubydebug stdout output. Note that the tcp input performs no authentication and the traffic is plaintext: any host that can reach the port can inject events. On anything beyond a lab test, restrict who can reach the port (firewall, or bind to a specific interface with the input's `host` option) and consider the input's SSL options.
1.2.2 Send a whole file
nc 192.168.108.117 5699 < /etc/passwd
Each line of the file arrives as a separate event.
2. Test writing to Elasticsearch
2.1 Change the output in the configuration file
input{
tcp{
port => 5699
mode => "server"
type => "tcplog"
}
}
output{
elasticsearch{
hosts => ["192.168.108.117:9200"]
index => "tcp-log-%{+YYYY.MM.dd}.log"
}
}
2.2 Check that the configuration is valid
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tcp.conf -t
2.3 Restart Logstash so the new output takes effect
sudo systemctl restart logstash
2.4 Check that the port is being listened on
ss -tnl | grep 5699
Then send a test line as in 1.2.1 and confirm that an index named tcp-log-<date>.log appears in Elasticsearch.