logstash 接收 syslog 消息調試

linux logger、rsyslog：

logger 生成 message 日誌：logger -t aaaaaaaaa mmmmmmmmmmm

查看生成的日誌：tail -f /var/log/messages

rsyslog 配置：/etc/rsyslog.conf

配置 rsyslog 輸出到指定地址（如 logstash）：

重啓 rsyslog 服務：service rsyslog restart

 

logstash 接收 rsyslog 消息：

input {
  syslog {
    port => "514"
    add_field => [ "type", "syslog"]
  }
}

filter {
  if "syslog" in [type]
    {
       grok {}
       mutate {
        add_field => [ "a", "%{[host]}"]
        add_field => [ "b", "0"]
       }
    }
  geoip {}
}

output {
  kafka {
    bootstrap_servers => "192.168.0.100:9092"
    topic_id => "tttttest"
    #compression_type => "snappy"
    codec => "json"
  } 
 
 # stdout { codec => rubydebug }  # 調試輸出
}