-Xmx512m
# cat /data/PRG/elasticsearch/config/elasticsearch.yml |grep -v '#'
network.host: 0.0.0.0 ###开启监听地址(0.0.0.0 会监听所有网卡,应同时开启下面的用户认证,并用防火墙限制可访问的来源)
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
####以下模块视情况是否开启
xpack.security.enabled: true ####开启用户认证
xpack.monitoring.enabled: true
xpack.graph.enabled: true
xpack.watcher.enabled: true
xpack.security.authc.realms: ####用户认证模式,ldap、file、pki、Active Directory等
  file1:
    type: file
    order: 0

四、 安装logstash
# cd /data/PRG/
# tar zxvf /data/elk5.0/logstash-5.0.2.tar.gz
# mv logstash-5.0.2 logstash
# useradd logstash -s /sbin/nologin
# chown logstash.logstash /data/PRG/logstash

添加启动脚本
vim /etc/init.d/logstash
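#!/bin/sh
# Init script for logstash
# Maintained by Elasticsearch
# Generated by pleaserun.
# Implemented based on LSB Core 3.1:
#   * Sections: 20.2, 20.3
#
### BEGIN INIT INFO
# Provides:          logstash
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description:
# Description:       Starts Logstash as a daemon.
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

# The script drops privileges with chroot --userspec and raises ulimits, so it
# has to start as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "You need root privileges to run this script"
  exit 1
fi

name=logstash
pidfile="/var/run/$name.pid"

LS_USER=logstash
LS_GROUP=logstash
LS_HOME=/var/lib/logstash
LS_HEAP_SIZE="1g"
LS_LOG_DIR=/var/log/logstash
LS_LOG_FILE="${LS_LOG_DIR}/$name.log"
LS_CONF_DIR=/etc/logstash/conf.d
LS_OPEN_FILES=16384
LS_NICE=19
# Defaults to 0; set to 1 (environment or defaults file) to let stop() escalate
# to SIGKILL after the wait loop.
KILL_ON_STOP_TIMEOUT=${KILL_ON_STOP_TIMEOUT-0}
LS_OPTS=""

# These files are sourced, i.e. executed, as root. They must be owned by root
# and not writable by the logstash user or anyone else.
[ -r "/etc/default/$name" ] && . "/etc/default/$name"
[ -r "/etc/sysconfig/$name" ] && . "/etc/sysconfig/$name"

# NOTE(review): program is assigned after the defaults files are sourced, so
# they cannot override it. The surrounding tutorial unpacks Logstash 5.0.2 into
# /data/PRG/logstash; confirm that this path, the "agent" subcommand and the
# --configtest flag used below match the installed layout and version.
program=/opt/logstash/bin/logstash
args="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"

# Run a command with stdout and stderr discarded; returns its exit status.
quiet() {
  "$@" > /dev/null 2>&1
  return $?
}

# Start Logstash in the background as LS_USER:LS_GROUP and record its pid.
# Always returns 0; the launch itself is not checked.
start() {
  LS_JAVA_OPTS="${LS_JAVA_OPTS} -Djava.io.tmpdir=${LS_HOME}"
  HOME=${LS_HOME}
  export PATH HOME LS_HEAP_SIZE LS_JAVA_OPTS LS_USE_GC_LOGGING LS_GC_LOG_FILE

  # chroot doesn't grab the supplemental groups when setting the user:group -
  # so we have to do it for it.
  SGROUPS=$(id -Gn "$LS_USER" | tr " " "," | sed 's/,$//'; echo '')

  # Start from an empty value so nothing inherited from the caller's
  # environment ends up on the chroot command line.
  EXTRA_GROUPS=""
  if [ -n "$SGROUPS" ]; then
    EXTRA_GROUPS="--groups $SGROUPS"
  fi

  # set ulimit as root first, before we drop privileges
  ulimit -n "${LS_OPEN_FILES}"

  # Run the program!
  # $EXTRA_GROUPS is left unquoted on purpose: it must split into two words.
  # LS_HOME, program and args are spliced into a shell command string, so they
  # must only ever come from this script or the root-owned defaults files.
  # The stdout/stderr redirections are opened by this (root) shell, before the
  # privilege drop.
  nice -n "${LS_NICE}" chroot --userspec "$LS_USER:$LS_GROUP" $EXTRA_GROUPS / sh -c "
    cd \"$LS_HOME\"
    ulimit -n ${LS_OPEN_FILES}
    exec \"$program\" $args
  " > "${LS_LOG_DIR}/$name.stdout" 2> "${LS_LOG_DIR}/$name.err" &

  # Generate the pidfile from here. If we instead made the forked process
  # generate it there will be a race condition between the pidfile writing
  # and a process possibly asking for status.
  echo "$!" > "$pidfile"

  echo "$name started."
  return 0
}

# Send SIGTERM and wait up to nine seconds; escalate to SIGKILL only when
# KILL_ON_STOP_TIMEOUT is 1. Returns 1 if the process is still running and the
# kill was not forced.
stop() {
  # Try a few times to kill TERM the program
  if status; then
    pid=$(cat "$pidfile")
    echo "Killing $name (pid $pid) with SIGTERM"
    kill -TERM "$pid"
    # Wait for it to exit.
    for i in 1 2 3 4 5 6 7 8 9; do
      echo "Waiting $name (pid $pid) to die..."
      status || break
      sleep 1
    done
    if status; then
      if [ "$KILL_ON_STOP_TIMEOUT" -eq 1 ]; then
        echo "Timeout reached. Killing $name (pid $pid) with SIGKILL. This may result in data loss."
        kill -KILL "$pid"
        echo "$name killed with SIGKILL."
      else
        echo "$name stop failed; still running."
        return 1 # stop timed out and not forced
      fi
    else
      echo "$name stopped."
    fi
  fi
}

# Report whether the pid recorded in the pidfile is alive.
# Returns 0 running, 2 dead but pidfile exists, 3 no pidfile,
# 4 pidfile content is not a usable pid.
status() {
  if [ -f "$pidfile" ]; then
    pid=$(cat "$pidfile")
    # Every caller passes this value to kill as root. An empty, zero or
    # non-numeric pid (for example a negative number) would make kill fail or
    # address a process group instead of a single process, so reject it here.
    case "$pid" in
      '' | 0 | *[!0-9]*) return 4 ;;
    esac
    if kill -0 "$pid" > /dev/null 2> /dev/null; then
      # process by this pid is running.
      # It may not be our pid, but that's what you get with just pidfiles.
      # TODO(sissel): Check if this process seems to be the same as the one we
      # expect. It'd be nice to use flock here, but flock uses fork, not exec,
      # so it makes it quite awkward to use in this case.
      return 0
    else
      return 2 # program is dead but pid file exists
    fi
  else
    return 3 # program is not running
  fi
}

# Send SIGHUP to the running process, if there is one.
reload() {
  if status; then
    kill -HUP "$(cat "$pidfile")"
  fi
}

# Regular stop first, then SIGKILL if the process is still alive.
force_stop() {
  if status; then
    stop
    status && kill -KILL "$(cat "$pidfile")"
  fi
}

# Validate the configuration in LS_CONF_DIR.
# Returns 0 when valid, 1 when the directory holds no files, 6 otherwise.
configtest() {
  # Check if a config file exists
  if [ ! "$(ls -A "${LS_CONF_DIR}"/* 2> /dev/null)" ]; then
    echo "There aren't any configuration files in ${LS_CONF_DIR}"
    return 1
  fi

  HOME=${LS_HOME}
  export PATH HOME

  test_args="--configtest -f ${LS_CONF_DIR} ${LS_OPTS}"
  # $test_args is left unquoted on purpose: it is a list of separate arguments.
  if "$program" $test_args; then
    return 0
  fi
  # Program not configured
  return 6
}

case "$1" in
  start)
    status
    code=$?
    if [ "$code" -eq 0 ]; then
      echo "$name is already running"
    else
      start
      code=$?
    fi
    exit "$code"
    ;;
  stop) stop ;;
  force-stop) force_stop ;;
  status)
    status
    code=$?
    if [ "$code" -eq 0 ]; then
      echo "$name is running"
    else
      echo "$name is not running"
    fi
    exit "$code"
    ;;
  reload) reload ;;
  restart)
    # Refuse to take a working instance down for a configuration that does not
    # parse.
    quiet configtest
    RET=$?
    if [ "${RET}" -ne 0 ]; then
      echo "Configuration error. Not restarting. Re-run with configtest parameter for details"
      exit "${RET}"
    fi
    stop && start
    ;;
  configtest)
    configtest
    exit $?
    ;;
  *)
    # The original printed $SCRIPTNAME, which is never set; $0 is the path the
    # script was invoked as.
    echo "Usage: $0 {start|stop|force-stop|status|reload|restart|configtest}" >&2
    exit 3
    ;;
esac

exit $?

# --- end of /etc/init.d/logstash; the tutorial text continues below ---

# chmod +x /etc/init.d/logstash
# /etc/init.d/logstash start
# /etc/init.d/logstash status
logstash is running
# netstat -ntlp|grep 9600
tcp 0 0 :::9600 :::* LISTEN 10141/java

五、 配置 logstash
# cat /data/PRG/logstash/config/logstash.yml |grep -v '#'
http.host: "0.0.0.0" ###开启监听地址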