Prerequisites: open the port, for example 25044.

Create the folder for Logstash, for example /data/logstash:

```shell
mkdir -p /data/logstash
```
Create the logstash.sh file and make it executable:

```shell
touch /data/logstash/logstash.sh
chmod 770 /data/logstash/logstash.sh
vim /data/logstash/logstash.sh
```
With logstash.sh open in edit mode, add the following content:

```shell
#!/bin/bash
# Stop the old container
docker stop logstash
# Remove the old container
docker rm logstash
docker run -itd \
--privileged=true \
-v /data/logstash/data:/usr/share/logstash/data \
-p 25044:5044 \
--name logstash \
--restart=always \
logstash:7.17.5
# Copy the container's configuration files to the host
docker cp logstash:/usr/share/logstash/config /data/logstash
docker cp logstash:/usr/share/logstash/pipeline /data/logstash
exit 0
```
Run the script to start the container:

```shell
/data/logstash/logstash.sh
```

Grant permissions on the folder recursively:

```shell
chmod -R 770 /data/logstash
```
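Go to the /data/logstash/config folder and edit the configuration file logstash.yml so that it contains the following:

```yaml
http.host: "0.0.0.0"
# Enable X-Pack monitoring
xpack.monitoring.enabled: true
# Elasticsearch address (replace the placeholder with the Elasticsearch data-access IP and port)
xpack.monitoring.elasticsearch.hosts: [ "elasticsearch数据访问的ip+port" ]
# Elasticsearch username
xpack.monitoring.elasticsearch.username: "elastic"
# Elasticsearch password (replace the placeholder with the password of the elastic user)
xpack.monitoring.elasticsearch.password: "elastic对应的密码"
```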
Go to the /data/logstash/pipeline folder and edit the logstash.conf file so that it contains the following:

```shell
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 5044
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch数据访问的ip+port"]
    index => "connector"
    user => "elastic"
    password => "elastic对应的密码"
  }
  stdout {
    codec => rubydebug
  }
}
```
Edit the logstash.sh file again so that it reads as follows, then run the script again:

```shell
#!/bin/bash
# Stop the old container
docker stop logstash
# Remove the old container
docker rm logstash
# Start the container with the host's config and pipeline folders mounted
docker run -itd \
--privileged=true \
-v /data/logstash/data:/usr/share/logstash/data \
-v /data/logstash/config:/usr/share/logstash/config \
-v /data/logstash/pipeline:/usr/share/logstash/pipeline \
-p 25044:5044 \
--name logstash \
--restart=always \
logstash:7.17.5
exit 0
```
Note: the container's JVM defaults to 1G. To change this, go to the /data/logstash/config folder and edit the jvm.options file:

```shell
-Xms256m
-Xmx256m
```
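
The check below is an added example, not part of the original page: a POSIX shell function that scans the files created in this procedure for quoted password literals (Logstash also resolves `${VAR}` references from its keystore or the environment), a `tcp` input without `ssl_enable => true`, and `--privileged` on `docker run`. The function names, finding labels and sample host and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Usage: audit_logstash_files FILE...
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_logstash_files() {
    alf_rc=0
    for alf_file in "$@"; do
        # Quoted password literals. "${VAR}" references (keystore or
        # environment) are not counted. The value itself is never printed.
        alf_n=$(grep -oE 'password[[:space:]]*(=>|:)[[:space:]]*"[^"]*"' "$alf_file" \
            | grep -cvE '"\$\{[A-Za-z_][A-Za-z0-9_]*\}"' || true)
        if [ "$alf_n" -gt 0 ]; then
            echo "$alf_file: PLAINTEXT_PASSWORD x$alf_n"
            alf_rc=1
        fi
        # File-level heuristic: a tcp input with no ssl_enable => true anywhere
        # in the file accepts cleartext events from any client that can reach it.
        if grep -qE 'tcp[[:space:]]*\{' "$alf_file" &&
           ! grep -qE 'ssl_enabled?[[:space:]]*=>[[:space:]]*true' "$alf_file"; then
            echo "$alf_file: TCP_INPUT_NO_TLS"
            alf_rc=1
        fi
        # docker run --privileged gives the container full host capabilities.
        if grep -qE -- '--privileged(=true)?([[:space:]]|$)' "$alf_file"; then
            echo "$alf_file: PRIVILEGED_CONTAINER"
            alf_rc=1
        fi
    done
    return "$alf_rc"
}

# Constructed sample: this page's pipeline with a made-up host and password.
audit_demo() {
    alf_tmp=$(mktemp)
    cat > "$alf_tmp" <<'EOF'
input { tcp { mode => "server" host => "0.0.0.0" port => 5044 codec => json_lines } }
output { elasticsearch { hosts => ["es.example:9200"] user => "elastic" password => "changeme" } }
EOF
    audit_logstash_files "$alf_tmp" | sed "s|^$alf_tmp|pipeline|"
    rm -f "$alf_tmp"
}
audit_demo
```

Run it against the real files with `audit_logstash_files /data/logstash/logstash.sh /data/logstash/config/logstash.yml /data/logstash/pipeline/logstash.conf`.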