Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
864 views
in Technique[技术] by (71.8m points)

logstash - Amazon Linux 2 server monitoring with ELK stack

I am new in Kibana. The problem is that I installed an ELK stack on the Ubuntu 20.04 server. I have no problem getting any logs from all of my other servers regardless of the operating system they are using. However, I am have problems with the filebeat modules and dashboards that came with it. For example [Filebeat System] Syslog dashboard ECS everything works fine with Ubuntu servers, but with Amazon Linux 2 servers I get correct data only from the syslog board. Sudo commands and SSH logins do not return anything. It's the same with Redis and mongodb dashboards. Somehow I managed to get the nginx dashboard to work. My setup looks like this: Master server monitoring with ELK and filebeat installed. The monitoring target are on other servers under the direction of the amazon linux 1 2, and ubuntu 16 18 20. They have filebeat 7.10 installed on them, which transmits data to the logstash main server. On master server i have 2 config files to logstash input/output.

    /etc/logstash/conf.d/02-beats-input.conf
    input {
      beats {
        port => 5044
      }
    }

and

    /etc/logstash/conf.d/30-elasticsearch-output.conf
    output {
      if [@metadata][pipeline] {
        elasticsearch {
        hosts => ["localhost:9200"]
        manage_template => false
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
        pipeline => "%{[@metadata][pipeline]}"
        }
      } else {
        elasticsearch {
        hosts => ["localhost:9200"]
        manage_template => false
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
        }
      }
    }

Please tell me what other useful information I can send you. Or correct if I'm doing something wrong. Thank you. Regards.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...