Download the GPG key
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Install from the RPM repository (setup)
$ vim /etc/yum.repos.d/logstash.repo
[logstash-8.x]
name=Elastic repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Save the contents above to /etc/yum.repos.d/logstash.repo
Install
$ yum install logstash
Create the configuration file
$ vim /etc/logstash/conf.d/logstash.conf
input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => "elastic"
    password => "XXXXXX"
    cacert => '/etc/logstash/certs/http_ca.crt'
    index => "kosmos_log"
  }
  stdout { codec => rubydebug }
}
Copy the certificate and set access permissions
$ cd /etc/logstash
$ mkdir certs
$ cp /etc/elasticsearch/certs/http_ca.crt ./certs/
$ chmod 644 ./certs/http_ca.crt
Start
$ service logstash start
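A check for the pipeline file created above, as an added example (not part of the original guide or of Elastic's tooling): it flags a literal password kept in a world-readable file, cleartext HTTP hosts, a missing CA file and disabled TLS verification. The sample configs are constructed, and ES_PWD is a hypothetical key name for a ${...} reference, which Logstash resolves from its keystore or the environment.

```shell
# audit_pipeline FILE: print one finding per line, nothing when no check fires.
audit_pipeline() {
    conf=$1
    key='^[[:space:]]*'   # option names start a line, after indentation
    plaintext=0
    # A password that is not a ${VAR} reference is stored literally in the file.
    if grep -E "${key}password[[:space:]]*=>" "$conf" | grep -Fqv '${'; then
        plaintext=1
        echo "plaintext-password"
    fi
    # find -perm -004 prints the path only when "other" has read permission.
    if [ "$plaintext" -eq 1 ] && [ -n "$(find "$conf" -perm -004)" ]; then
        echo "world-readable-secret"
    fi
    if grep -E "${key}hosts[[:space:]]*=>" "$conf" | grep -q 'http://'; then
        echo "cleartext-http-host"
    fi
    # HTTPS to a cluster with its own CA needs that CA file, as in the guide.
    if grep -q 'https://' "$conf" &&
       ! grep -Eq "${key}(cacert|ssl_certificate_authorities)[[:space:]]*=>" "$conf"; then
        echo "no-ca-configured"
    fi
    if grep -Eq "${key}ssl_(certificate_verification|verification_mode)[[:space:]]*=>[[:space:]]*\"?(false|none)" "$conf"; then
        echo "tls-verification-disabled"
    fi
}

# Constructed samples: the guide's output block, and a variant whose password
# is a ${ES_PWD} reference (hypothetical key name) instead of a literal.
write_samples() {
    dir=$1
    cat > "$dir/guide.conf" <<'EOF'
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => "elastic"
    password => "XXXXXX"
    cacert => '/etc/logstash/certs/http_ca.crt'
  }
}
EOF
    sed 's/"XXXXXX"/"${ES_PWD}"/' "$dir/guide.conf" > "$dir/keystore.conf"
    chmod 644 "$dir/guide.conf"   # mode a umask of 022 gives a new file
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_pipeline "$demo_dir/guide.conf"     # plaintext-password, world-readable-secret
audit_pipeline "$demo_dir/keystore.conf"  # prints nothing
rm -rf "$demo_dir"
```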