1、安裝logstash-output-zabbix插件
[root@beijing ~]#/usr/share/logstash/bin/logstash-plugin install logstash-output-zabbix
2、修改Logstash配置文件
[root@beijing ~]#vim /etc/logstash/conf.d/test.conf
# Pipeline: read the Apache access log, parse and geo-enrich each line, then
# send every event to Elasticsearch, to stdout, and to a Zabbix trapper item.
input {
  file {
    path           => ["/var/log/httpd/access_log"]
    start_position => "beginning"
  }
}

filter {
  grok {
    match => { "message" => "%{HTTPD_COMBINEDLOG}" }

    # Routing fields consumed by the zabbix output below:
    #   [@metadata][zabbix_host] - host name of the monitored host; it must
    #                              match the host name configured in Zabbix.
    #   [@metadata][zabbix_key]  - item key of the monitored host.
    # add_field is applied only when this grok filter succeeds, so lines that
    # do not match the pattern carry neither field.
    add_field => {
      "[@metadata][zabbix_host]" => "beijing.zhangdazhi.com"
      "[@metadata][zabbix_key]"  => "logstash.key"
    }
  }

  geoip {
    source   => "clientip"
    target   => "geoip"
    database => "/app/GeoLite2-City_20180102/GeoLite2-City.mmdb"
  }
}

output {
  # NOTE(review): this endpoint is plain http:// and the block sets no
  # credentials, so events travel unencrypted and unauthenticated. If the
  # cluster is reachable from outside a trusted network, switch to https and
  # enable authentication on both sides.
  elasticsearch {
    hosts         => ["http://66.112.215.110"]
    index         => "apache_logstash-%{+YYYY.MM.dd}"
    action        => "index"
    document_type => "apache_logs"
  }

  # Debug aid: prints every event in full. When Logstash is started under
  # nohup, as shown later on this page, that output accumulates in nohup's
  # output file - presumably meant for initial verification only.
  stdout {
    codec => rubydebug
  }

  zabbix {
    timeout => 1
    workers => 1
    # Name of the event field holding the monitored host's name (set in the
    # grok filter above).
    zabbix_host        => "[@metadata][zabbix_host]"
    # IP address of the Zabbix server.
    zabbix_server_host => "66.112.215.110"
    # Port the Zabbix server listens on.
    zabbix_server_port => 10051
    # Name of the event field holding the item key (set in the grok filter
    # above).
    zabbix_key         => "[@metadata][zabbix_key]"
    # Name of the event field whose value is sent to Zabbix.
    # NOTE(review): "message" is the raw access-log line, so client addresses
    # and request URLs are stored in Zabbix too. This block configures no
    # encryption or authentication for the connection to port 10051; limit
    # who may submit values with the trapper item's "Allowed hosts" setting
    # on the server.
    zabbix_value       => "message"
  }
}
3、修改zabbix_agent的配置文件
[root@beijing ~]#vim /etc/logstash/conf.d/test.conf
[root@beijing ~]#cat /etc/zabbix/zabbix_agentd.conf |grep ^[^#]
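# Active (non-comment) settings of /etc/zabbix/zabbix_agentd.conf, annotated.
# zabbix_agentd.conf recognises '#' as a comment only at the start of a line,
# so the notes sit on their own lines; a trailing "# ..." after a value would
# be read as part of that value.
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=1
# NOTE(review): EnableRemoteCommands=1 lets the Zabbix server execute commands
# on this host through the agent. None of the steps shown on this page rely on
# remote commands; keep it enabled only if something else needs it, and keep
# LogRemoteCommands=1 alongside it so executed commands are written to the
# agent log.
EnableRemoteCommands=1
LogRemoteCommands=1
Server=66.112.215.110
StartAgents=5
# Address of the server used in active mode.
ServerActive=66.112.215.110
# Host name this agent reports in active mode, so the server knows who sent
# the data.
Hostname=beijing.zhangdazhi.com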
配置好后重啟zabbix_agentd
4、zabbix上的設置
添加主機
image.png
添加監控項
image.png
在被監控端發送消息測試,看zabbix中能否收到
[root@beijing ~]#zabbix_sender -z 66.112.215.110 -p 10051 -s beijing.zhangdazhi.com -k "logstash.key" -o "hello"
info from server: "processed: 1; failed: 0; total: 1; seconds spent: 0.000083"
sent: 1; skipped: 0; total: 1
-z指明server的地址 -p為server端端口 -s指明被監控端的主機名 -k指明被監控端自定義的鍵值,這里要和zabbix圖形界面定義的鍵值對上 -o指明發送的信息
在zabbix中可以收到,說明測試成功
image.png
5、添加觸發器
image.png
image.png
6、啟動logstash
[root@beijing ~]# nohup /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/test.conf & #讓程序后臺運行
停止的時候可以用kill