(1) Deploy redis
1. Install redis
yum install epel-release -y
yum install redis -y
2. Modify the configuration file
#vim /etc/redis.conf
bind 0.0.0.0
daemonize yes
save ""
requirepass 123456
3. Start redis
systemctl enable redis
systemctl restart redis
(2) Configure logstash to write logs to redis
1. Modify the configuration file
input {
file {
path => "/var/log/messages"
type => "systemlog"
start_position => "beginning"
stat_interval => "2"
}
}
output {
if [type] == "systemlog" {
redis {
data_type => "list"
host => "192.168.1.31"
db => "6"
port => "6379"
password => "123456"
key => "systemlog"
}
}
}
2. Start
logstash -f /etc/logstash/conf.d/redis.conf -t
logstash -f /etc/logstash/conf.d/redis.conf
3. Write log to messages log
cat /etc/hosts >>/var/log/messages
4. Log in to redis to view
# redis-cli -h 192.168.1.31
192.168.1.31:6379> auth 123456
OK
192.168.1.31:6379> select 6
OK
192.168.1.31:6379[6]> keys *
1) "systemlog"
192.168.1.31:6379[6]> llen systemlog
(integer) 11292
192.168.1.31:6379[6]> lpop systemlog
(3) Configure logstash to retrieve data from redis to elasticsearch
1. Modify the configuration file
input {
redis {
type => "systemlog"
host => "192.168.1.31"
password => '123456'
port => "6379"
db => "6"
data_type => "list"
key => "systemlog"
}
}
output {
if [type] == "systemlog" {
elasticsearch {
hosts => ["192.168.1.31:9200"]
index => "redis-systemlog-%{+YYYY.MM.dd}"
}
}
}
2. Start
logstash -f /etc/logstash/conf.d/redis.conf -t
logstash -f /etc/logstash/conf.d/redis.conf
3. Start the head plugin to view the index
