日志与监控

日志与监控

两台机器

[root@node2 ~ 10:05:02]# systemctl stop firewalld.service
[root@node2 ~ 10:34:52]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@node2 ~ 10:35:01]# vi /etc/hosts
[root@node2 ~ 10:38:18]# java -version
openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)
[root@node1 ~ 10:43:50]# rpm -ivh elasticsearch-5.5.0.rpm
warning: elasticsearch-5.5.0.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
   1:elasticsearch-0:5.5.0-1          ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
[root@node1 ~ 10:43:53]# systemctl daemon-reload
[root@node1 ~ 10:44:20]# systemctl enable elasticsearch.service
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@node1 ~ 10:44:29]# cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak
[root@node1 ~ 10:45:05]# vim /etc/elasticsearch/elasticsearch.yml
[root@node1 ~ 10:48:10]# mkdir -p /data/elk_data
[root@node1 ~ 10:48:34]# chown elasticsearch:elasticsearch /data/elk_data/
[root@node1 ~ 10:48:50]# systemctl start elasticsearch.service
[root@node1 ~ 10:56:50]# netstat -antp | grep 9200
tcp6       0      0 :::9200                 :::*                    LISTEN      53900/java
tcp6       0      0 192.168.108.41:9200     192.168.108.1:15076     ESTABLISHED 53900/java
tcp6       0      0 192.168.108.41:9200     192.168.108.1:15077     ESTABLISHED 53900/java

[root@node1 ~]# cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak
[root@node1 ~]# vim /etc/elasticsearch/elasticsearch.yml
17 cluster.name: my-elk-cluster #集群名字
23 node.name: nodeX #节点名字
33 path.data: /data/elk_data #数据存放路径
37 path.logs: /var/log/elasticsearch/ #日志存放路径
43 bootstrap.memory_lock: false #不在启动的时候锁定内存:锁定物理内存地址,防止es内存被交换出去,也就是避免es使用swap交换分区,频繁的交换,会导致IOPS变高。
55 network.host: 0.0.0.0 #提供服务绑定的IP地址,0.0.0.0代表所有地址
59 http.port: 9200 #侦听端口为9200
68 discovery.zen.ping.unicast.hosts: ["node1", "node2"] #集群发现通过单播实现
[root@node2 ~ 10:57:55]# netstat -antp |grep 9200
tcp6       0      0 :::9200                 :::*                    LISTEN      53550/java
tcp6       0      0 192.168.108.42:9200     192.168.108.1:15545     ESTABLISHED 53550/java
tcp6       0      0 192.168.108.42:9200     192.168.108.1:15548     ESTABLISHED 53550/java
{
  "name" : "node1",
  "cluster_name" : "my-elk-cluster",
  "cluster_uuid" : "-NbqfjlJRva9w12xcD1OUg",
  "version" : {
    "number" : "5.5.0",
    "build_hash" : "260387d",
    "build_date" : "2017-06-30T23:16:05.735Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.0"
  },
  "tagline" : "You Know, for Search"
}
{
  "name" : "node2",
  "cluster_name" : "my-elk-cluster",
  "cluster_uuid" : "-NbqfjlJRva9w12xcD1OUg",
  "version" : {
    "number" : "5.5.0",
    "build_hash" : "260387d",
    "build_date" : "2017-06-30T23:16:05.735Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.0"
  },
  "tagline" : "You Know, for Search"
}

安装elastic search-head插件

[root@node1 ~]# yum install gcc gcc-c++ make -y
[root@node1 ~]# tar xzvf node-v8.2.1.tar.gz
[root@node1 ~]# cd node-v8.2.1/
[root@node1 node-v8.2.1]# ./configure
[root@node1 node-v8.2.1]# make -j4 #等待时间较长
[root@node1 node-v8.2.1]# make install

安装phantomjs端框架

[root@node1 src]# tar xjvf phantomjs-2.1.1-linux-x86_64.tar.bz2
[root@node1 ~ 11:44:07]# cd phantomjs-2.1.1-linux-x86_64/bin
[root@node1 bin 11:44:19]# cp phantomjs /usr/local/bin/

安装elastic search-head数据可视化工具

[root@node1 bin]# cd /usr/local/src/
[root@node1 src]# tar xzvf elasticsearch-head.tar.gz # 解压head插件源码包
[root@node1 src]# cd elasticsearch-head/ # 进入插件目录
[root@node1 elasticsearch-head]# npm install

修改主配置文件

[root@node1 ~]# cd ~
[root@node1 ~]# vim /etc/elasticsearch/elasticsearch.yml ####下面配置文件,插末尾
##
http.cors.enabled: true ##开启跨域访问支持,默认为false
http.cors.allow-origin: "*" ## 跨域访问允许的域名地址
[root@node1 ~]# systemctl restart elasticsearch

启动elasticsearch-head 启动服务器

[root@node1 ~]# cd /usr/local/src/elasticsearch-head/
[root@node1 elasticsearch-head]# npm run start & ####切换到后台运行
[1] 114729
[root@node1 elasticsearch-head]#
elasticsearch-head@0.0.0 start /usr/local/src/elasticsearch-head
grunt server
Running "connect:server" (connect) task
Waiting forever...
Started connect web server on http://localhost:9100
[root@node1 elasticsearch-head]# netstat -lnupt |grep 9100
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 114739/grunt
[root@node1 elasticsearch-head]# netstat -lnupt |grep 9200
tcp6 0 0 :::9200 :::* LISTEN 114626/java

登录node2

编译安装node组件依赖包

[root@node2 ~]# yum install gcc gcc-c++ make -y
[root@localhost opt]# cd /opt
[root@node2 opt]# tar xzvf node-v8.2.1.tar.gz
[root@node2 opt]# cd node-v8.2.1/
[root@node2 node-v8.2.1]# ./configure
[root@node2 node-v8.2.1]# make -j4 #等待时间较长
[root@node2 node-v8.2.1]# make install

登录192.168.108.41 node1主机 索引为index-demo,类型为test,可以看到成功创建

[root@node1 ~ 12:38:28]# curl -XPUT 'localhost:9200/index-demo/test/1?pretty&pretty' -H 'content-Type: application/json' -d '{"user":"zhangsan","mesg":"hello world"}'
{
  "_index" : "index-demo",
  "_type" : "test",
  "_id" : "1",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "created" : true
}

安装logstash

安装httpd

[root@apache ~ 10:35:02]# yum -y install httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-99.el7.centos.1 for package: httpd-2.4.6-99.el7.centos.1.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-99.el7.centos.1.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-99.el7.centos.1.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-99.el7.centos.1.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-7.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7_9.1 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-99.el7.centos.1 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================
 Package          Arch        Version                       Repository    Size
===============================================================================
Installing:
 httpd            x86_64      2.4.6-99.el7.centos.1         updates      2.7 M
Installing for dependencies:
 apr              x86_64      1.4.8-7.el7                   base         104 k
 apr-util         x86_64      1.5.2-6.el7_9.1               updates       92 k
 httpd-tools      x86_64      2.4.6-99.el7.centos.1         updates       94 k
 mailcap          noarch      2.1.41-2.el7                  base          31 k

Transaction Summary
===============================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 3.0 M
Installed size: 10 M
Downloading packages:
(1/5): apr-util-1.5.2-6.el7_9.1.x86_64.rpm                |  92 kB   00:00
(2/5): apr-1.4.8-7.el7.x86_64.rpm                         | 104 kB   00:00
(3/5): httpd-tools-2.4.6-99.el7.centos.1.x86_64.rpm       |  94 kB   00:00
(4/5): mailcap-2.1.41-2.el7.noarch.rpm                    |  31 kB   00:00
(5/5): httpd-2.4.6-99.el7.centos.1.x86_64.rpm             | 2.7 MB   00:00
-------------------------------------------------------------------------------
Total                                             3.2 MB/s | 3.0 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-7.el7.x86_64                                      1/5
  Installing : apr-util-1.5.2-6.el7_9.1.x86_64                             2/5
  Installing : httpd-tools-2.4.6-99.el7.centos.1.x86_64                    3/5
  Installing : mailcap-2.1.41-2.el7.noarch                                 4/5
  Installing : httpd-2.4.6-99.el7.centos.1.x86_64                          5/5
  Verifying  : httpd-2.4.6-99.el7.centos.1.x86_64                          1/5
  Verifying  : mailcap-2.1.41-2.el7.noarch                                 2/5
  Verifying  : apr-1.4.8-7.el7.x86_64                                      3/5
  Verifying  : httpd-tools-2.4.6-99.el7.centos.1.x86_64                    4/5
  Verifying  : apr-util-1.5.2-6.el7_9.1.x86_64                             5/5

Installed:
  httpd.x86_64 0:2.4.6-99.el7.centos.1

Dependency Installed:
  apr.x86_64 0:1.4.8-7.el7                   apr-util.x86_64 0:1.5.2-6.el7_9.1
  httpd-tools.x86_64 0:2.4.6-99.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7

Complete!
[root@apache ~ 13:56:01]# systemctl start httpd
[root@apache ~ 13:56:14]# cd /var/log/httpd/
[root@apache httpd 13:56:22]# ls
access_log  error_log

安装logstash

[root@apache ~ 13:57:59]# rpm -ivh logstash-5.5.1.rpm
warning: logstash-5.5.1.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:logstash-1:5.5.1-1               ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
[root@apache ~ 13:58:21]# systemctl start logstash.service
[root@apache ~ 13:58:39]# systemctl enable logstash.service
Created symlink from /etc/systemd/system/multi-user.target.wants/logstash.service to /etc/systemd/system/logstash.service.
[root@apache ~ 13:58:46]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/

logstash(apache 节点)与elasticsearch(node节点)做对接测试

登录 192.168.108.43 Apache服务器上,输入采用标准输入 输出采用标准输出

[root@apache ~ 13:59:18]# logstash -e 'input { stdin{} } output { stdout{} }'
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
14:00:55.217 [main] INFO  logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
14:00:55.225 [main] INFO  logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
14:00:55.269 [LogStash::Runner] INFO  logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"a7b70a63-07b3-4f96-bafa-4d7a48342676", :path=>"/usr/share/logstash/data/uuid"}
14:00:55.690 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
14:00:55.785 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
The stdin plugin is now waiting for input:
14:00:55.925 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com
2026-06-11T06:01:58.057Z apache www.baidu.com
www.qq.com
2026-06-11T06:02:02.168Z apache www.qq.com
^C14:02:04.522 [SIGINT handler] WARN  logstash.runner - SIGINT received. Shutting down the agent.
14:02:04.542 [LogStash::Runner] WARN  logstash.agent - stopping pipeline {:id=>"main"}

rubydebug详细输出,codec编解码器

[root@apache ~ 14:04:03]# logstash -e 'input { stdin{} } output { stdout{ codec=>rubydebug}}'
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
14:04:38.652 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
14:04:38.816 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
The stdin plugin is now waiting for input:
14:04:38.936 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com
{
    "@timestamp" => 2026-06-11T06:04:46.013Z,
      "@version" => "1",
          "host" => "apache",
       "message" => "www.baidu.com"
}
^C14:04:48.014 [SIGINT handler] WARN  logstash.runner - SIGINT received. Shutting down the agent.
14:04:48.033 [LogStash::Runner] WARN  logstash.agent - stopping pipeline {:id=>"main"}

logstash把信息写入elasticsearch中

[root@apache ~ 14:04:48]# logstash -e 'input { stdin{} } output { elasticsearch { hosts=>["192.168.108.41:9200"]}}'
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
14:06:29.608 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.108.41:9200/]}}
14:06:29.625 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.108.41:9200/, :path=>"/"}
14:06:29.858 [[main]-pipeline-manager] WARN  logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<Java::JavaNet::URI:0x50a91162>}
14:06:29.864 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
14:06:30.265 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
14:06:30.322 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Installing elasticsearch template to _template/logstash
14:06:30.685 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<Java::JavaNet::URI:0x5e116636>]}
14:06:30.696 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
14:06:30.846 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
The stdin plugin is now waiting for input:
14:06:31.048 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com
www.360.com
www.qq.com
^C14:07:02.581 [SIGINT handler] WARN  logstash.runner - SIGINT received. Shutting down the agent.
14:07:02.599 [LogStash::Runner] WARN  logstash.agent - stopping pipeline {:id=>"main"}

登录192.168.108.43 (Apache主机) 做对接配置

[root@apache ~ 14:07:02]# chmod o+r /var/log/messages
[root@apache ~ 14:08:41]# vim /etc/logstash/conf.d/system.conf
[root@apache ~ 14:09:21]# systemctl restart logstash.service

[root@apache ~ 14:17:19]# systemctl status logstash.service
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2026-06-11 14:17:19 CST; 7s ago
 Main PID: 64495 (java)
    Tasks: 18
   CGroup: /system.slice/logstash.service
           └─64495 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -X...

Jun 11 14:17:19 apache systemd[1]: Started logstash.
input {
       file{
        # Source file for this pipeline; the page makes it world-readable with
        # `chmod o+r /var/log/messages` so the logstash service can open it.
        # Granting read access to the logstash user/group alone is the narrower option.
        path => "/var/log/messages"
        type => "system"
        # Read existing content from the start of the file on the first run
        # (later runs resume from the recorded position).
        start_position => "beginning"
        }
      }
output {
        elasticsearch {
          # Plain HTTP to node1; the logstash log on this page connects to
          # http://192.168.108.41:9200/ with no TLS or credentials configured.
          hosts => ["192.168.108.41:9200"]
          # One index per day, named from the event @timestamp
          # (e.g. system-2026.06.11 — constructed example).
          index => "system-%{+YYYY.MM.dd}"
          }
        }

5.安装Kibana

登录192.168.108.41 node1主机

在node1主机安装kibana

上传kibana-5.5.1-x86_64.rpm 到/usr/local/src目录

[root@node1 ~ 12:39:14]# rpm -ivh kibana-5.5.1-x86_64.rpm
warning: kibana-5.5.1-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:kibana-5.5.1-1                   ################################# [100%]
[root@node1 ~ 15:16:06]# cd /etc/kibana/
[root@node1 kibana 15:16:08]# cp kibana.yml kibana.yml.bak
[root@node1 kibana 15:16:13]# vim kibana.yml
[root@node1 kibana 15:17:34]# systemctl start kibana.service
[root@node1 kibana 15:17:41]# systemctl enable kibana.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@node1 kibana 15:17:47]# systemctl status kibana.service
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2026-06-11 15:17:41 CST; 12s ago
 Main PID: 31938 (node)
   CGroup: /system.slice/kibana.service
           └─31938 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin...

Jun 11 15:17:41 node1 systemd[1]: Started Kibana.
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta...d"}
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta...d"}
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta...d"}
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta....42
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta...d"}
Jun 11 15:17:45 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:45Z","ta...h"}
Jun 11 15:17:46 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:46Z","ta...d"}
Jun 11 15:17:46 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:46Z","ta...1"}
Jun 11 15:17:46 node1 kibana[31938]: {"type":"log","@timestamp":"2026-06-11T07:17:46Z","ta...d"}
Hint: Some lines were ellipsized, use -l to show in full.

对接Apache主机的Apache 日志文件(访问的、错误的)

apache主机操作

[root@apache kibana 15:14:58]# cd /etc/logstash/conf.d/
[root@apache conf.d 15:31:40]# touch apache_log.conf
[root@apache conf.d 15:31:46]# vim apache_log.conf
[root@apache conf.d 15:35:01]# /usr/share/logstash/bin/logstash -f apache_log.conf
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
15:35:30.328 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.108.41:9200/]}}
15:35:30.334 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.108.41:9200/, :path=>"/"}
15:35:30.511 [[main]-pipeline-manager] WARN  logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<Java::JavaNet::URI:0x18ad0268>}
15:35:30.513 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
15:35:30.930 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
15:35:30.939 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<Java::JavaNet::URI:0x7f9e9996>]}
15:35:30.942 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.108.41:9200/]}}
15:35:30.943 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.108.41:9200/, :path=>"/"}
15:35:30.951 [[main]-pipeline-manager] WARN  logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<Java::JavaNet::URI:0x7cfd6150>}
15:35:30.952 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
15:35:30.964 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
15:35:30.974 [[main]-pipeline-manager] INFO  logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<Java::JavaNet::URI:0x2ddf3b9e>]}
15:35:30.983 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
15:35:31.586 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
15:35:31.768 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9601}

dns实验

打开连接server2016的win10作为dns客户端

15:35:30.983 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}

15:35:31.586 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started

15:35:31.768 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9601}



dns实验

打开连接server2016的win10作为dns客户端

