Logstash

Logstash 설치

• java 설치확인
• wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-amd64.deb
• sudo dpkg -i logstash-7.10.1-amd64.deb

input {          stdin { }  }  output {          stdout { }  }

logstash-simple.conf (간단한 테스트를 위한 파일작성)

•  실행
  • /usr/share/logstash/bin/logstash -f ~/logstash/logstash-simple.conf

logstash실행

 

fileBeat 설치(www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html)

• curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.1-amd64.deb
• sudo dpkg -i filebeat-7.10.1-amd64.deb
• /usr/share/filebeat/ 위치에 설치 확인

 

curator 설치

• apt install python-pip
• pip install elasticsearch-curator

curator 설치확인

 

---  # Remember, leave a key empty if there is no value.  None will be a string,  # not a Python "NoneType"  client:    hosts:      - 127.0.0.1    port: 9200    url_prefix:    use_ssl: False    certificate:    client_cert:    client_key:    ssl_no_validate: False    http_auth:    timeout: 30    master_only: False  logging:    loglevel: INFO    logfile:    logformat: default    blacklist: ['elasticsearch', 'urllib3']

curator-config.yml

---  actions:    1:      action: delete_indices      description: >-        Delete indices older than 30 days (based on index name), for tomcat-        prefixed indices. Ignore the error if the filter does not result in an        actionable list of indices (ignore_empty_list) and exit cleanly.      options:        ignore_empty_list: True        timeout_override:        continue_if_exception: False        disable_action: False      filters:      - filtertype: pattern        kind: prefix        value: tomcat-        exclude:      - filtertype: age        source: name        direction: older        timestring: '%Y.%m.%d'        unit: days        unit_count: 30        exclude:

delete.yml

•  명령어
  • /usr/local/bin/curator --config curator-config.yml --dry-run delete.yml
  • cron 등록 및 스케쥴링 job 생성