1、rpm安装Logstash
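# Fetch the Logstash RPM and the SHA-512 checksum file published next to it.
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.8.7.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.8.7.rpm.sha512
# Install only if the package matches its checksum; a mismatch stops the chain.
# The checksum comes from the same origin as the package, so it catches a
# corrupt or truncated download only. For authenticity, import the vendor's
# package-signing key and check the RPM signature (rpm -K) before installing.
# NOTE(review): 6.8.7 is an old release; check the vendor's support and
# security-fix status before using it outside a lab.
sha512sum -c logstash-6.8.7.rpm.sha512 \
  && yum install -y logstash-6.8.7.rpm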
2、创建syslog配置
# Pipeline: receive events from Beats shippers and index them into Elasticsearch.
input {
  # Listen for Beats connections on TCP 5044.
  # NOTE(review): no ssl* options are set, so shippers connect in plaintext and
  # any host that can reach this port can submit events. Consider enabling the
  # plugin's ssl / ssl_certificate / ssl_key settings and firewalling the port.
  beats {
    port => 5044
  }
}

output {
  # Write to the Elasticsearch node on this host over plain HTTP; no credentials
  # are configured here. The index name carries the event date, giving one
  # index per day.
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "k8s-log-%{+YYYY-MM-dd}"
  }
}
```bash
修改配置文件logstash.yml
vim /etc/logstash/logstash.yml
设置管道配置文件路径为/etc/logstash/conf.d
path.config: /etc/logstash/conf.d
```
3、直接在命令行运行查看效果
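cd /usr/share/logstash/bin
# Call the launcher by relative path: this directory is normally not on PATH
# after an RPM install, so a bare `logstash` would not be found.
# Runs the pipeline in the foreground; stop it with Ctrl-C before starting the
# service, since both would try to bind port 5044.
./logstash -f /etc/logstash/conf.d/logstash.conf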
4、常用指令
# Start the Logstash service now.
systemctl start logstash
# Show the unit's current state and its most recent log lines.
systemctl status logstash
# Have the service start automatically at boot.
systemctl enable logstash
5、采集k8s系统组件日志
k8s-logs.yaml
# ConfigMap holding the Filebeat configuration mounted by the k8s-logs DaemonSet.
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-logs-filebeat-config
  namespace: kube-system
data:
  # Filebeat tails /messages (the node log file as mounted into the pod), adds
  # the fields app=k8s and type=module at the top level of each event, and
  # ships the events to Logstash.
  # NOTE(review): output.logstash has no ssl settings, so events travel to
  # 192.168.56.104:5044 unencrypted and the receiver is not authenticated.
  # Consider setting ssl.certificate_authorities once the Logstash beats input
  # has TLS enabled.
  # NOTE(review): filebeat.prospectors is the older name for filebeat.inputs;
  # confirm which one the Filebeat version in use expects.
  filebeat.yml: |-
    filebeat.prospectors:
      - type: log
        paths:
          - /messages
        fields:
          app: k8s
          type: module
        fields_under_root: true
    output.logstash:
      hosts: ['192.168.56.104:5044']
---
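# DaemonSet running a Filebeat pod on each schedulable node. Each pod reads the
# node's /var/log/messages and forwards it using the configuration from the
# k8s-logs-filebeat-config ConfigMap.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: k8s-logs
  namespace: kube-system
spec:
  selector:
    matchLabels:
      project: k8s
      app: filebeat
  template:
    metadata:
      labels:
        project: k8s
        app: filebeat
    spec:
      containers:
        - name: filebeat
          # NOTE(review): this is a community-published image referenced by a
          # mutable tag, and it runs as root in kube-system with a host file
          # mounted. Prefer the vendor-published Filebeat image, or pin this
          # one by digest after reviewing it.
          image: collenzhao/filebeat:6.5.4
          # -c selects the mounted config file; -e logs to stderr.
          args:
            - "-c"
            - "/etc/filebeat.yml"
            - "-e"
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 500m
              memory: 500Mi
          securityContext:
            # Root inside the container, presumably because the host log file
            # is readable by root only; confirm before changing.
            runAsUser: 0
          volumeMounts:
            # Mount only the filebeat.yml key as a single file.
            - name: filebeat-config
              mountPath: /etc/filebeat.yml
              subPath: filebeat.yml
            # Filebeat only reads the log, so the host file is mounted
            # read-only; a root container cannot then modify or truncate it.
            - name: k8s-logs
              mountPath: /messages
              readOnly: true
      volumes:
        # type: File requires /var/log/messages to exist on the node already.
        - name: k8s-logs
          hostPath:
            path: /var/log/messages
            type: File
        - name: filebeat-config
          configMap:
            name: k8s-logs-filebeat-config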
6、效果