概述
Information : 玩ELK也挺久了,有时间把遇到的坑都写出来
1. 测试环境
CentOS7 操作系统 , rsyslog , logstash6.2.4(二进制方式安装)
2. 问题
在设置以logstash用户去启动服务的时候会发生如下报错
Jul 27 17:39:02 zabbix-server logstash: [2019-07-27T17:39:02,995][INFO ][logstash.inputs.syslog ] Starting syslog udp listener {:address=>"0.0.0.0:514"}
Jul 27 17:39:03 zabbix-server logstash: [2019-07-27T17:39:02,997][WARN ][logstash.inputs.syslog ] syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514",
:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:197:in `bind'",
"/usr/local/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:149:in `udp_listener'",
"/usr/local/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in `server'",
"/usr/local/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:110:in `block in run'"]}
原因启动端口的时候没有权限,是因为Linux系统的安全设置,1024以下端口的应用程序启动必须以root 用户去启动,不能以普通用户去启动
3. 解决方法
(1)以root去启动logstash服务
logstash.service
[Unit] Description=logstash [Service] Type=simple User=root Group=root Environment=JAVA_HOME=/usr/local/jdk Environment=LS_HOME=/usr/local/logstash Environment=LS_SETTINGS_DIR=/usr/local/logstash/config/ Environment=LS_PIDFILE=/usr/local/logstash/logstash.pid Environment=LS_USER=root Environment=LS_GROUP=root Environment=LS_GC_LOG_FILE=/usr/local/logstash/logs/gc.log Environment=LS_OPEN_FILES=16384 Environment=LS_NICE=19 Environment=SERVICE_NAME=logstash Environment=SERVICE_DESCRIPTION=logstash ExecStart=/usr/local/logstash/bin/logstash "--path.settings" "/usr/local/logstash/config/" Restart=always WorkingDirectory=/usr/local/logstash Nice=19 LimitNOFILE=16384 [Install] WantedBy=multi-user.target
logstash配置
input {
syslog {
port => "514"
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
测试结果:
(2)以logstash普通用户去启动Logstash服务,设置firewalld防火墙把514端口流量转发到1300端口,logstash中syslog设置以1300端口去接口日志信息
logstash.service如下:
[Unit] Description=logstash [Service] Type=simple User=logstash Group=logstash Environment=JAVA_HOME=/usr/local/jdk Environment=LS_HOME=/usr/local/logstash Environment=LS_SETTINGS_DIR=/usr/local/logstash/config/ Environment=LS_PIDFILE=/usr/local/logstash/logstash.pid Environment=LS_USER=logstash Environment=LS_GROUP=logstash Environment=LS_GC_LOG_FILE=/usr/local/logstash/logs/gc.log Environment=LS_OPEN_FILES=16384 Environment=LS_NICE=19 Environment=SERVICE_NAME=logstash Environment=SERVICE_DESCRIPTION=logstash ExecStart=/usr/local/logstash/bin/logstash "--path.settings" "/usr/local/logstash/config/" Restart=always WorkingDirectory=/usr/local/logstash Nice=19 LimitNOFILE=16384 [Install] WantedBy=multi-user.target
logstash的conf测试配置
input {
syslog {
port => "1300"
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
设置firewalld防火墙端口转发,514端口流量转发至 1300端口
firewall-cmd --permanent --zone=public --add-port=514/tcp firewall-cmd --permanent --zone=public --add-forward-port=port=514:proto=tcp:toport=1300 firewall-cmd --reload firewall-cmd --list-ports firewall-cmd --list-forward-ports
测试结果如下:
欢迎关注公众号,蟹蟹
最后
以上就是悦耳柠檬为你收集整理的CentOS7设置systemd管理Logstash服务遇到的坑的全部内容,希望文章能够帮你解决CentOS7设置systemd管理Logstash服务遇到的坑所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
![[Wireshark]_003_电子邮件抓包分析](/uploads/reation/bcimg12.png)
发表评论 取消回复