使用Logstash从具有文件输入插件的远程计算机上读取日志文件 [英] Read log file from a remote machine with file input plugin using logstash

问题描述

目前我的日志和logstash运行在同一台计算机上，因此我使用此配置(使用拉模型)读取了放置在本地计算机上的日志

Presently I have my logs and logstash running on the same machine, so I read my logs placed on my local machine with this config(using pull model)

input {     
    file {
        path => "/home/Desktop/Logstash-Input/**/*_log"
        start_position => "beginning"
    }
}

现在，我们在另一台计算机上运行了logstash，并希望读取日志远程机器.

Now, we have logstash running on a different machine and want to read the logs remote mechine.

是否可以在配置文件的文件输入中设置IP?

Is there a way to set the ip in file input of config file?

我设法通过logstash-forwarder(这是一个推送模型)来做到这一点(log shipper/logstash-forwarder会将日志发送到logstash索引服务器)，但我仍在寻找没有shipper的pull模型，logstash索引服务器将直接联系到远程主机.

I manage to do this with logstash-forwarder which is a push model(log shipper/logstash-forwarder will ship log to logstash index server) but still i am looking for a pull model without shipper, where logstash index server will go and contact directly to remote host.

推荐答案

看看FileBeat:https://www.elastic.co/products/beats/filebeat

Take a look to FileBeat: https://www.elastic.co/products/beats/filebeat

这不是拉动模型，但它似乎比logstash-forwarder更好.

It´s not a pull model but it seems a better choice than logstash-forwarder.

它监视日志文件并将其转发到Logstash或Elasticsearh.它还保留日志文件的状态，并保证事件将至少发送一次(取决于日志轮转速度).真的很容易配置:

It monitors log files and forwards them to Logstash or Elasticsearh. It keeps also the state of log files and guarantees that events will be delivered at least one time (depends on log rotation speed). It's really easy to configure:

输入配置:

input_type: log
paths:
- /opt/app/logs

输出配置

output.logstash:
  hosts: ["remote_host:5044"]
  index: filebeat_logs

在logstash端，您必须安装并配置Beats输入插件:

In the logstash side you must install and configure the Beats input plugin:

input {
  beats {
    port => 5044
  }
}

这篇关于使用Logstash从具有文件输入插件的远程计算机上读取日志文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！