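#!/bin/bash
#
# Installs Logstash 7.17.0 from the Elastic artifact server into
# /data/modules/logstash, writes a Beats/Nginx -> Elasticsearch pipeline,
# opens the Beats port in firewalld and starts Logstash in the background.
#
# Optional environment:
#   ELK_USER_PASSWORD  password for the service account (see the note below)

sudo yum install net-tools -y

# Configuration
HOSTNAME=$(hostname)

# Host names of all nodes
NODE_1=node-1
NODE_2=node-2
NODE_3=node-3

# IP addresses of all nodes
NODE_1_IP=10.0.0.21
NODE_2_IP=10.0.0.22
NODE_3_IP=10.0.0.23

# Service account / password
ELK_USER=es
# NOTE(review): "123" is only kept as a fallback so the script still runs
# unattended. It is trivially guessable and is stored in this file in clear
# text; export ELK_USER_PASSWORD with a strong value before running, or drop
# the password entirely if nobody needs to log in as this account.
ELK_USER_PASSWORD=${ELK_USER_PASSWORD:-123}

LOGSTASH_VERSION=7.17.0

#######################################
# Create the service account, download and unpack Logstash, write the
# pipeline configuration and open the Beats port.
# Globals:   ELK_USER, ELK_USER_PASSWORD, LOGSTASH_VERSION, NODE_*_IP (read)
# Arguments: none
# Returns:   0 on success, 1 when a required step fails
#######################################
install_logstash() {
  local file="logstash-${LOGSTASH_VERSION}-linux-x86_64.tar.gz"
  local url="https://artifacts.elastic.co/downloads/logstash/${file}"

  # Service account
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}" || return 1
    if [ "${ELK_USER_PASSWORD}" = "123" ]; then
      echo "warning: ${ELK_USER} is being created with the built-in default password; set ELK_USER_PASSWORD" >&2
    fi
    printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
  fi

  # Create directories. The original tested /data/modules/mysql/ but created
  # /data/modules/; mkdir -p is idempotent, so no test is needed at all.
  mkdir -p /data/software /data/modules || return 1

  # Download the release archive and its published checksum
  cd /data/software || return 1
  if [ ! -f "${file}" ] || [ ! -f "${file}.sha512" ]; then
    command -v wget >/dev/null 2>&1 || yum install -y wget || return 1
  fi
  if [ ! -f "${file}" ]; then
    # Remove a partial file on failure so the next run downloads it again.
    wget "${url}" || { rm -f -- "${file}"; return 1; }
    #exit 0
  fi
  if [ ! -f "${file}.sha512" ]; then
    wget "${url}.sha512" || { rm -f -- "${file}.sha512"; return 1; }
  fi
  # Catches truncated or corrupted downloads before anything is unpacked.
  # The checksum comes from the same server as the archive, so it does not
  # protect against a tampered origin; pin a known-good digest for that.
  if ! sha512sum -c "${file}.sha512"; then
    echo "error: checksum mismatch for ${file}; delete it and re-run" >&2
    return 1
  fi

  # Extract and install. Skip when already installed: mv into an existing
  # directory would nest logstash-<version> inside it instead of replacing it.
  if [ -d /data/modules/logstash ]; then
    echo "/data/modules/logstash already exists, skipping extraction"
  else
    tar -zxvf "${file}" -C /data/modules/ || return 1
    mv "/data/modules/logstash-${LOGSTASH_VERSION}" /data/modules/logstash || return 1
  fi

  # Write the pipeline configuration.
  # The heredoc delimiter is unquoted on purpose so the NODE_*_IP values are
  # substituted into the hosts list.
  # NOTE(review): this pipeline accepts Beats traffic on 5044 without TLS and
  # ships to Elasticsearch on 9200 without credentials or TLS. Enable SSL on
  # the beats input and authentication/TLS on the elasticsearch output before
  # using it outside an isolated network. The stdout/rubydebug output also
  # copies every event into nohup.out once the service is started below.
  cd /data/modules/logstash/config || return 1
  cat > logstash-simple.conf << EOF
input {
  beats {
    port => 5044
  }
  file {
    #Nginx日志目录
    path => "/usr/local/nginx/logs/access.log"
    start_position => "beginning"
  }
}
filter {
  if [path] =~ "access" {
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
  date {
    #工夫戳
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  elasticsearch {
    #承受主机
    hosts => ["${NODE_1_IP}:9200","${NODE_2_IP}:9200","${NODE_3_IP}:9200"]
  }
  stdout { codec => rubydebug }
}
EOF

  # Directory permissions: hand the tree to the service account (the original
  # hard-coded es:es instead of using ELK_USER).
  chmod u+x /data/modules/logstash/bin
  chown -R "${ELK_USER}:${ELK_USER}" /data/modules/logstash

  # Open the Beats port. Best-effort: a host without firewalld still gets a
  # working install.
  # NOTE(review): this exposes 5044 to every source in the public zone;
  # restricting it to the Beats senders would be tighter.
  if ! firewall-cmd --zone=public --add-port=5044/tcp --permanent; then
    echo "warning: could not add 5044/tcp to firewalld" >&2
  fi
  firewall-cmd --reload
  firewall-cmd --list-all
  return 0
}

install_logstash || exit 1

# Start the service
cd /data/modules/logstash || exit 1
#./bin/logstash -f ./config/logstash-simple.conf -d
# Start in the background.
# NOTE(review): the process runs as the invoking user (root when the script
# is run as root), not as ELK_USER, even though the tree was just chowned to
# that account. Running it as ELK_USER needs read access to the Nginx log.
nohup ./bin/logstash -f ./config/logstash-simple.conf &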