logstash input heroku在ubuntu上作为服务运行(logstash 5.2.1)
我正在尝试使用systemd在运行ubuntu 16.04的aws ec2实例上运行logstash。我已经在机器上安装了heroku工具带。正常运行管道(通过bin/logstash.bat)工作正常,事件被接收(但是,几分钟后出现“请求超时”错误,管道停止,这是一个单独的问题) 但是,当我尝试在systemd上运行服务时,会出现错误,不确定这两种类型的错误是否相关。第一个是SSL错误: 错误:没有密码匹配(OpenSSL::SSL::SSLError) [2017-02-15T13:08:44037][ERROR][logstash.pipeline]插件 有一个无法恢复的错误。将重新启动此插件。插件: “xxxxxx”, 编解码器=>“^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}{124;\})”,what=>“先前”, id=>“032c3b317ae49982945ec7e8fbf11224be98f237-3”,启用度量=>true, 否定=>false,字符集=>“UTF-8”,多行\标记=>“多行”, 最大行数=>500,最大字节数=>10485760>, id=>“032c3b317ae49982945ec7e8fbf11224be98f237-4”,启用度量=>true> 第二,heroku工具带似乎在提示提供凭据: 2月15日13:08:43 ip-10-0-1-216日志[4402]:输入您的Heroku 证书 二月十五日13:08:43 ip-10-0-1-216日志[4402]:电子邮件: 密码(将隐藏键入): 我的日志存储配置:logstash input heroku在ubuntu上作为服务运行(logstash 5.2.1),ubuntu,heroku,logstash,systemd,Ubuntu,Heroku,Logstash,Systemd,我正在尝试使用systemd在运行ubuntu 16.04的aws ec2实例上运行logstash。我已经在机器上安装了heroku工具带。正常运行管道(通过bin/logstash.bat)工作正常,事件被接收(但是,几分钟后出现“请求超时”错误,管道停止,这是一个单独的问题) 但是,当我尝试在systemd上运行服务时,会出现错误,不确定这两种类型的错误是否相关。第一个是SSL错误: 错误:没有密码匹配(OpenSSL::SSL::SSLError) [2017-02-15T13:08:4
input {
heroku {
app => "xxx-1"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-2"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-3"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-4"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
}
filter {
grok {
break_on_match => true
patterns_dir => ["./grok_patterns"]
match => { "message" => [
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: %{LEVEL:level}: HTTP %{OPT_NOT_SPACE_COMMA:organization}, %{OPT_NOT_COMMA:user}, %{OPT_NOT_COMMA:device}, %{WORD:method} %{ENDPOINT:endpoint}%{QUERY:query} \[%{INT:responseCode:int}\].*? \(p%{INT:nodeProcess:int}\) \(%{INT:responseTime:int}ms\).*$",
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku}\[%{WORD:component}\]: at=\w+ method=%{WORD:method} path=\"%{ENDPOINT:endpoint}\??%{QUERY:query}\" .*?fwd=\"%{IP:site_ip}\" dyno=%{DYNO:dyno} .*?service=%{INT:responseTime:int}ms status=%{INT:responseCode:int} bytes=%{INT:sizeBytes:int}.*?$",
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: (?<data>.*)"
] }
add_field => { "endpoint_template" => "%{endpoint}" }
}
mutate {
gsub => ["endpoint_template", "[0-9a-f]{24}", "ID"]
add_field => { "type" => "heroku" }
}
if ![heroku_source] {
geoip {
source => "site_ip"
}
mutate {
add_field => { "heroku_source" => "heroku" }
}
}
}
output {
elasticsearch {
hosts => [ "aws-es-endpoint:443" ]
ssl => true
}
}
sudo systemctl start logstash
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
(当我对上面的用户和组进行注释时,结果是相同的)只是为了记录,问题是systemd没有看到heroku凭据。我问了一个问题。解决方案是将ubuntu主目录添加到logstash服务,以便它能够访问凭据。通过编辑/etc/systemd/system中的
logstash.serviceEnvironment=“Home=/Home/ubuntu”[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=root
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
Environment="HOME=/home/ubuntu"
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=root
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
Environment="HOME=/home/ubuntu"
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target