1.创建logstash容器并启动
docker run -it \
-p 9600:9600 \
-p 5044:5044 \
--name logstash \
logstash:8.3.3
2.另开一个窗口登录服务器
执行
docker cp logstash:/usr/share/logstash/config /home/mfw/elk/logstash/
docker cp logstash:/usr/share/logstash/pipeline /home/mfw/elk/logstash/
3.给挂载目录设置权限,使容器内外权限一致,logstash内部用户gid:1000,uid:1000
停掉logstash容器;
chown -R 1000:1000 ~/elk/logstash
4.创建logstash运行脚本
mkdir ~/elk/logstash/shell/
vim ~/elk/logstash/shell/logstash.sh
设置脚本如下:
#!/bin/sh
docker run -itd \
--name logstash \
-p 9600:9600 \
-p 5044:5044 \
-v /home/mfw/elk/logstash/config:/usr/share/logstash/config \
-v /home/mfw/elk/logstash/pipeline:/usr/share/logstash/pipeline \
logstash:8.3.3
5.logstash运行脚本赋予执行权限
chmod +x ~/elk/logstash/shell/logstash.sh
6.将elasticsearch服务的证书文件copy到logstash配置目录下
cp -fr /home/mfw/elk/elasticsearch/config/certs /home/mfw/elk/logstash/config/certs
7.修改logstash的配置文件
vim ~/elk/logstash/config/logstash.yml
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
+4TMJBgOpjdgH+1MJ0nC
8.测试logstash是否能连接上elasticsearch
#删除logstash容器
docker rm -f logstash
#创建logstash容器并启动(非后台模式)
docker run -it \
--name logstash \
-p 9600:9600 \
-p 5044:5044 \
-v /home/mfw/elk/logstash/config:/usr/share/logstash/config \
-v /home/mfw/elk/logstash/pipeline:/usr/share/logstash/pipeline \
logstash:8.3.3
没有打印error日志表示logstash与elasticsearch连接没有问题
9.删除之前创建的logstash容器并运行启动脚本
docker rm -f logstash
~/elk/logstash/shell/logstash.sh
10.浏览器访问http://logstash所在服务器ip:9600/
看到如下信息表示服务启动成功
