FreezeJ' Blog

Logstash 7.14部署

2022-04-01

使用系统centos7.8

操作命令

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.14.2-linux-x86_64.tar.gz
tar xf  logstash-7.14.2-linux-x86_64.tar.gz
mv logstash-7.14.2 /data/logstash
useradd logstash -s /usr/sbin/nologin -U -M --system
mkdir -p /data/logstash/logs
chown -R logstash.logstash /data/logstash

配置文件

/data/logstash/config/startup.options

################################################################################
# These settings are ONLY used by $LS_HOME/bin/system-install to create a custom
# startup script for Logstash and is not used by Logstash itself. It should
# automagically use the init system (systemd, upstart, sysv, etc.) that your
# Linux distribution uses.
#
# After changing anything here, you need to re-run $LS_HOME/bin/system-install
# as root to push the changes to the init script.
################################################################################

# Override Java location
# JAVACMD=/usr/bin/java

# Set a home directory
LS_HOME=/data/logstash

# logstash settings directory, the path which contains logstash.yml
LS_SETTINGS_DIR=/data/logstash/config

# Arguments to pass to logstash
LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"

# Arguments to pass to java
LS_JAVA_OPTS=""

# pidfiles aren't used the same way for upstart and systemd; this is for sysv users.
LS_PIDFILE=/var/run/logstash.pid

# user and group id to be invoked as
LS_USER=logstash
LS_GROUP=logstash

# Enable GC logging by uncommenting the appropriate lines in the GC logging
# section in jvm.options
LS_GC_LOG_FILE=/data/logstash/logs/gc.log

# Open file limit
LS_OPEN_FILES=16384

# Nice level
LS_NICE=19

# Change these to have the init script named and described differently
# This is useful when running multiple instances of Logstash on the same
# physical box or vm
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"

# If you need to run a command or script before launching Logstash, put it
# between the lines beginning with `read` and `EOM`, and uncomment those lines.
###
## read -r -d '' PRESTART << EOM
## EOM

Logstash自带了安装启动服务的脚本,配置好startup.options执行:

# 默认日志输出到/var/log/下
/data/logstash/bin/system-install /data/logstash/config/startup.options sysv

启动脚本

/etc/init.d/logstash

#!/bin/sh
# Init script for logstash
# Maintained by 
# Generated by pleaserun.
# Implemented based on LSB Core 3.1:
#   * Sections: 20.2, 20.3
#
### BEGIN INIT INFO
# Provides:          logstash
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: 
# Description:       logstash
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

name=logstash
program=/data/logstash/bin/logstash
args=--path.settings\ /data/logstash/config
pidfile="/var/run/$name.pid"
user="logstash"
group="logstash"
chroot="/"
chdir="/"
nice="19"
limit_open_files="16384"


# If this is set to 1, then when `stop` is called, if the process has
# not exited within a reasonable time, SIGKILL will be sent next.
# The default behavior is to simply log a message "program stop failed; still running"
KILL_ON_STOP_TIMEOUT=0

# When loading default and sysconfig files, we use `set -a` to make
# all variables automatically into environment variables.
set -a
[ -r /etc/default/logstash ] && . /etc/default/logstash
[ -r /etc/sysconfig/logstash ] && . /etc/sysconfig/logstash
set +a

[ -z "$nice" ] && nice=0

trace() {
  logger -t "/etc/init.d/logstash" "$@"
}

emit() {
  trace "$@"
  echo "$@"
}

start() {

  # Ensure the log directory is setup correctly.
  if [ ! -d "/data/logstash/logs" ]; then 
    mkdir "/data/logstash/logs"
    chown "$user":"$group" "/data/logstash/logs"
    chmod 755 "/data/logstash/logs"
  fi


  # Setup any environmental stuff beforehand
  ulimit -n ${limit_open_files}

  # Run the program!
  nice -n "$nice" \
  chroot --userspec "$user":"$group" "$chroot" sh -c "
    ulimit -n ${limit_open_files}
    cd \"$chdir\"
    exec \"$program\" $args
  " >> /data/logstash/logs/logstash-stdout.log 2>> /data/logstash/logs/logstash-stderr.log &

  # Generate the pidfile from here. If we instead made the forked process
  # generate it there will be a race condition between the pidfile writing
  # and a process possibly asking for status.
  echo $! > $pidfile

  emit "$name started"
  return 0
}

stop() {
  # Try a few times to kill TERM the program
  if status ; then
    pid=$(cat "$pidfile")
    trace "Killing $name (pid $pid) with SIGTERM"
    kill -TERM $pid
    # Wait for it to exit.
    for i in 1 2 3 4 5 ; do
      trace "Waiting $name (pid $pid) to die..."
      status || break
      sleep 1
    done
    if status ; then
      if [ "$KILL_ON_STOP_TIMEOUT" -eq 1 ] ; then
        trace "Timeout reached. Killing $name (pid $pid) with SIGKILL.  This may result in data loss."
        kill -KILL $pid
        emit "$name killed with SIGKILL."
      else
        emit "$name stop failed; still running."
      fi
    else
      emit "$name stopped."
    fi
  fi
}

status() {
  if [ -f "$pidfile" ] ; then
    pid=$(cat "$pidfile")
    if ps -p $pid > /dev/null 2> /dev/null ; then
      # process by this pid is running.
      # It may not be our pid, but that's what you get with just pidfiles.
      # TODO(sissel): Check if this process seems to be the same as the one we
      # expect. It'd be nice to use flock here, but flock uses fork, not exec,
      # so it makes it quite awkward to use in this case.
      return 0
    else
      return 2 # program is dead but pid file exists
    fi
  else
    return 3 # program is not running
  fi
}

force_stop() {
  if status ; then
    stop
    status && kill -KILL $(cat "$pidfile")
  fi
}


case "$1" in
  force-start|start|stop|force-stop|restart)
    trace "Attempting '$1' on logstash"
    ;;
esac

case "$1" in
  force-start)
    PRESTART=no
    exec "$0" start
    ;;
  start)
    status
    code=$?
    if [ $code -eq 0 ]; then
      emit "$name is already running"
      exit $code
    else
      start
      exit $?
    fi
    ;;
  stop) stop ;;
  force-stop) force_stop ;;
  status)
    status
    code=$?
    if [ $code -eq 0 ] ; then
      emit "$name is running"
    else
      emit "$name is not running"
    fi
    exit $code
    ;;
  restart)

    stop && start
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|force-start|stop|force-start|force-stop|status|restart}" >&2
    exit 3
  ;;
esac

exit $?

配置pipelines.yml

mkdir -p /data/logstash/config/conf.d/
cp /data/logstash/config/logstash-sample.conf /data/logstash/config/conf.d/logstash.conf 
chown logstash.logstash /data/logstash/config/conf.d/

添加配置,指定conf.d目录

- pipeline.id: test
  queue.type: persisted
  path.config: "/data/logstash/config/conf.d/*.conf"

启动服务

chmod 755 /etc/init.d/logstash
chkconfig logstash on  # 设置开机启动
chkconfig --list  # 查看开机启动服务
systemctl daemon-reload
systemctl start logstash
Tags: ELK
Kibana 7.14部署 filebeat 7.14部署