To write from Logstash to syslog, the configuration can follow the official Syslog output plugin documentation. Here is a simple example:
output {
  syslog {
    host => "your host"
    port => 5140
    protocol => "udp"
    codec => plain {
      format => "%{message}"
    }
  }
}
After finishing the configuration, run Logstash with bin/logstash -f conf.d/logstash.conf. It fails to start with the following errors:
[ERROR][logstash.plugins.registry] Tried to load a plugin's code, but failed. {:exception=>#<LoadError: no such file to load -- logstash/outputs/syslog>, :path=>"logsttputs/syslog", :type=>"output", :name=>"syslog"}
[ERROR][logstash.agent] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::PluginLoadingError", :m=>"Couldn't find any output plugin named 'syslog'. Are you sure this is correct? Trying to load the syslog output plugin resulted in this error: no such file to load -- logstash/outputs/syslogcktrace=>["/home/test/software/logstash-7.3.1/logstash-core/lib/logstash/plugins/registry.rb:221:in `lookup_pipeline_plugin'", "/home/test/software/logstash-7.3.1/logcore/lib/logstash/plugin.rb:143:in `lookup'", "org/logstash/plugins/PluginFactoryExt.java:203:in `plugin'", "org/logstash/plugins/PluginFactoryExt.java:140:in `buildOutput'", "org/logstash/exe/JavaBasePipelineExt.java:50:in `initialize'", "/home/test/software/logstash-7.3.1/logstash-core/lib/logstash/java_pipeline.rb:24:in `initialize'", "/home/test/softwastash-7.3.1/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/home/test/software/logstash-7.3.1/logstash-core/lib/logstash/agent.rb:325:in `block in converge'"]}
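The cause: Logstash does not include the Syslog output plugin by default, which you can check with the command bin/logstash-plugin list. So it has to be installed by hand. Here is one way to install it (reference: https://blog.csdn.net/fgf00/article/details/90383884):
1) Download the plugin: https://rubygems.org/gems/logstash-output-syslog/versions/3.0.5
2) Place the downloaded gem file in the designated location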
cd logstash-7.3.1/
mkdir otherPlugin
Place the gem file in the otherPlugin folder
3) zip -r logstash-output-syslog-3.0.5.zip otherPlugin
4) Install: bin/logstash-plugin install file:///logstash-7.3.1/logstash-output-syslog-3.0.5.zip
5) Check that logstash-output-syslog is in the list: bin/logstash-plugin list
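To confirm that events reach the syslog host once the plugin is installed, a small UDP listener on the port from the output configuration above can decode what arrives. This is an added example, not part of the original post or of Logstash; the names FACILITIES, SEVERITIES, parse_datagram and listen, and the SAMPLE datagram, are constructed for illustration.

```python
import re
import socket

# Facility and severity names in the numeric order used by the syslog PRI field.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagram (not captured from a real Logstash instance).
SAMPLE = b"<13>Sep  3 10:15:02 host1 LOGSTASH[-]: constructed test event"


def parse_datagram(data):
    """Split one syslog datagram into facility, severity and remaining text."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        # No valid PRI: keep the raw text so a misconfigured sender stays visible.
        return {"facility": None, "severity": None,
                "text": data.decode("utf-8", "replace")}
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
            "severity": SEVERITIES[pri & 7],
            "text": data[m.end():].decode("utf-8", "replace")}


def listen(host="0.0.0.0", port=5140, count=None):
    """Print each decoded datagram with its source address; stop after `count`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        seen = 0
        while count is None or seen < count:
            data, (src, _) = sock.recvfrom(65535)
            rec = parse_datagram(data)
            print(f"{src} {rec['facility']}.{rec['severity']} {rec['text']!r}")
            seen += 1


if __name__ == "__main__":
    listen()
```

UDP delivery is unacknowledged, so if the listener prints nothing the events were dropped or filtered on the way; Logstash itself will not report an error.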