#!/bin/bashsudo yum install net-tools -y#配置信息HOSTNAME=`hostname`#所有节点主机名NODE_1=node-1NODE_2=node-2NODE_3=node-3#所有节点IPNODE_1_IP=10.0.0.21NODE_2_IP=10.0.0.22NODE_3_IP=10.0.0.23#用户/明码ELK_USER=esELK_USER_PASSWORD=123install_logstash(){#ELK用户if id -u ${ELK_USER} >/dev/null 2>&1; then        echo "user exists"else        echo "user does not exist"        useradd ${ELK_USER}        echo "${ELK_USER_PASSWORD}" | passwd --stdin ${ELK_USER}fi#对立目录if [ ! -d "/data/software" ]; then    mkdir -p /data/software/fiif [ ! -d "/data/modules/mysql/" ]; then    mkdir -p /data/modules/fi#近程下载cd /data/software/file="logstash-7.17.0-linux-x86_64.tar.gz"if [ ! -f $file ]; then    yum install -y wget && wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.0-linux-x86_64.tar.gz    #exit 0fi#解压装置cd /data/softwaretar -zxvf logstash-7.17.0-linux-x86_64.tar.gz -C /data/modules/cd /data/modulesmv logstash-7.17.0 logstash#写入配置cd /data/modules/logstash/configcat > logstash-simple.conf << EOFinput {  beats {    port => 5044  }  file {    #Nginx日志目录    path => "/usr/local/nginx/logs/access.log"    start_position => "beginning"  }}filter {  if [path] =~ "access" {    mutate { replace => { "type" => "apache_access" } }    grok {      match => { "message" => "%{COMBINEDAPACHELOG}" }    }  }  date {    #工夫戳    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]  }}output {  elasticsearch {    #承受主机    hosts => ["${NODE_1_IP}:9200","${NODE_2_IP}:9200","${NODE_3_IP}:9200"]  }  stdout { codec => rubydebug }}EOF#目录受权chmod u+x /data/modules/logstash/binchown -R es:es /data/modules/logstash#开启端口firewall-cmd --zone=public --add-port=5044/tcp --permanent;firewall-cmd --reload;firewall-cmd --list-all;}install_logstash#启动服务cd /data/modules/logstash#./bin/logstash -f ./config/logstash-simple.conf -d#后盾启动nohup ./bin/logstash -f ./config/logstash-simple.conf &