CentOS 7.x 安装 Logstash 6.x

本文介绍在 CentOS 7.x 操作系统上安装 Logstash 6.x 的方法与过程。

---

版本说明

• CentOS 7.6
• Oracle JDK 1.8.0_231
• Logstash 6.8.5

---

安装步驟

1. 下载 Logstash，本示例使用 6.8.5 版本，下载文件是 logstash-6.8.5.tar.gz。

2. 执行解压命令 tar -xvf logstash-6.8.5.tar.gz。

3. 新增默认配置文件 logstash_default.conf，本示例将默认配置文件放在 bin 目录下，内容如下。

input {
  stdin{
  }
}

output {
  stdout{
  }
}

4. 进入 bin 目录，输入命令 ./logstash -f logstash_default.conf 启动运行。

[root@... bin]# ./logstash -f logstash_default.conf
Sending Logstash logs to /opt/logstash/logstash-6.8.5/logs which is now configured via log4j2.properties
[2019-11-23T16:44:19,475][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-11-23T16:44:19,491][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.8.5"}
[2019-11-23T16:44:26,059][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-11-23T16:44:26,205][INFO ][logstash.pipeline        ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#"}
The stdin plugin is now waiting for input:
[2019-11-23T16:44:26,260][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-11-23T16:44:26,514][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

配置远程访问

1. 远程计算机无法访问以默认配置启动的 Logstash 服务，编辑 config 目录下 logstash.yml 配置文件，找到 http.host，将注释 # 去掉后修改为以下内容。

# ------------ Metrics Settings --------------
#
# Bind address for the metrics REST endpoint
#
http.host: "0.0.0.0"
#
# Bind port for the metrics REST endpoint, this option also accept a range
# (9600-9700) and logstash will pick up the first available ports.
#
# http.port: 9600-9700

2. 重启 Logstash 服务后，在远程计算机上打开浏览器，输入地址 [Logstash 服务 IP]:9600 访问可以看到以下信息。

{
  "host": "...",
  "version": "6.8.5",
  "http_address": "0.0.0.0:9600",
  "id": "2c55733e-4569-48ce-b2ae-3e09c9cbd9b3",
  "name": "ctup000105163",
  "build_date": "2019-11-13T21:36:11+00:00",
  "build_sha": "7516754d0be7f9bf96f71f1c1a82a3a504f4d0c8",
  "build_snapshot": false
}

后台运行

[root@... bin]# nohup ./logstash -f logstash_default.conf > /dev/null &

注意：以上命令会忽略所有日志输出，详细信息请参考 nohup 命令指南。

停止运行

1. 输入命令 ps -ef | grep logstash 查找 Logstash 服务进程号。

[root@... bin]# ps -ef | grep logstash
root     126410 120649 50 16:53 pts/0    00:01:21 /opt/jdk/jdk1.8.0_231//bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /opt/logstash/logstash-6.8.5/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/commons-codec-1.11.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/google-java-format-1.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/guava-22.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-annotations-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-core-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-databind-2.9.9.3.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/janino-3.0.8.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/javassist-3.22.0-GA.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jruby-complete-9.2.7.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jsr305-1.3.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-api-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-core-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/logstash-core.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/opt/logstash/logstas-6.8.5/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -f logstash_default.conf
root     127024 120649  0 16:56 pts/0    00:00:00 grep --color=auto logstash

2. 输入命令 kill -9 进程号 关闭 Logstash 服务，然后再次输入命令 ps -ef | grep logstash 确认 Logstash 服务已被关闭。

[root@... bin]# kill -9 126410
[root@... bin]# ps -ef | grep logstash
root     127279 120649  0 16:57 pts/0    00:00:00 grep --color=auto logstash

附

Logstash Reference