#!/bin/bash
# Install the net-tools package before anything else runs.
sudo yum install -y net-tools
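# Configuration
# bash already maintains HOSTNAME; this refreshes it from hostname(1).
HOSTNAME=$(hostname)
# Hostnames of all nodes
NODE_1=node-1
NODE_2=node-2
NODE_3=node-3
# IP addresses of all nodes
NODE_1_IP=10.0.0.21
NODE_2_IP=10.0.0.22
NODE_3_IP=10.0.0.23
# Service account user / password
ELK_USER=es
# The built-in default "123" is a trivially guessable placeholder and is kept
# only for backward compatibility. Export ELK_USER_PASSWORD with a strong value
# before running so the real credential never has to be stored in this file.
ELK_USER_PASSWORD=${ELK_USER_PASSWORD:-123}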
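#######################################
# Install Logstash 7.17.0 under /data/modules/logstash, write a simple
# pipeline (beats + nginx access log -> Elasticsearch + stdout) and open the
# Beats port in firewalld.
# Globals:
#   ELK_USER, ELK_USER_PASSWORD (read) - account created to own the install
#   NODE_1_IP, NODE_2_IP, NODE_3_IP (read) - Elasticsearch hosts in the output
#   file (written) - name of the downloaded archive
# Arguments: none
# Returns:
#   1 when a directory cannot be created or entered, or when the download or
#   extraction fails; otherwise the status of the final firewall-cmd call.
#######################################
install_logstash() {
  # Create the ELK service account if it does not exist yet.
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}"
    # printf avoids echo's option parsing; passwd --stdin keeps the password
    # off the passwd command line.
    printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
  fi

  # Create the working directories. The original "[! -d ...]" tests were not
  # valid test syntax, so the mkdir calls never ran; mkdir -p is idempotent
  # and needs no guard.
  mkdir -p /data/software /data/modules || return 1

  # Download the archive unless it is already present.
  cd /data/software/ || return 1
  file="logstash-7.17.0-linux-x86_64.tar.gz"
  if [ ! -f "$file" ]; then
    # NOTE(review): the archive is fetched over HTTPS but never compared with
    # a published digest. Elastic publishes a .sha512 file next to each
    # artifact; verify the tarball against it before extracting.
    if ! { yum install -y wget \
      && wget "https://artifacts.elastic.co/downloads/logstash/${file}"; }; then
      echo "failed to download ${file}" >&2
      # Drop a partial download so the next run does not extract it.
      rm -f -- "$file"
      return 1
    fi
  fi

  # Extract and rename. Skipped when the target already exists, because mv
  # would otherwise nest the new tree inside the existing install.
  if [ -e /data/modules/logstash ]; then
    echo "/data/modules/logstash already exists; skipping extraction" >&2
  else
    tar -zxvf "$file" -C /data/modules/ || return 1
    cd /data/modules || return 1
    mv logstash-7.17.0 logstash || return 1
  fi

  # Write the pipeline configuration. The heredoc delimiter is unquoted on
  # purpose: the shell substitutes the NODE_*_IP values into the file.
  # NOTE(review): the elasticsearch output lists bare host:port entries with
  # no credentials or TLS options.
  cd /data/modules/logstash/config || return 1
  cat > logstash-simple.conf << EOF
input {
beats {port => 5044}
file {
#Nginx 日志目录
path => "/usr/local/nginx/logs/access.log"
start_position => "beginning"
}
}
filter {if [path] =~ "access" {mutate { replace => { "type" => "apache_access"} }
grok {match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
date {
#工夫戳
match => ["timestamp" , "dd/MMM/yyyy:HH:mm:ss Z"]
}
}
output {
elasticsearch {
#承受主机
hosts => ["${NODE_1_IP}:9200","${NODE_2_IP}:9200","${NODE_3_IP}:9200"]
}
stdout {codec => rubydebug}
}
EOF

  # Directory permissions: hand the tree to the service account configured
  # above instead of a hard-coded "es".
  chmod u+x /data/modules/logstash/bin
  chown -R "${ELK_USER}:${ELK_USER}" /data/modules/logstash

  # Open the Beats port.
  # NOTE(review): this exposes 5044/tcp to the whole public zone, and the
  # beats input above has no TLS or client authentication configured, so any
  # host that can reach the port can submit events. Prefer a source-restricted
  # rule and/or TLS on the input.
  firewall-cmd --zone=public --add-port=5044/tcp --permanent
  firewall-cmd --reload
  firewall-cmd --list-all
}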
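install_logstash
# Start the service. Abort if the install directory is missing rather than
# launching from whatever directory the script happens to be in.
cd /data/modules/logstash || exit 1
# Alternative invocation left disabled by the author:
#./bin/logstash -f ./config/logstash-simple.conf -d
# Start in the background.
# NOTE(review): Logstash is launched as the invoking user (root when the
# script runs as root), although the install tree was handed to ${ELK_USER};
# consider starting it under that unprivileged account instead.
nohup ./bin/logstash -f ./config/logstash-simple.conf &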