logstash-input-heroku running as a service on ubuntu (logstash 5.2.1)

I'm trying to run logstash on an aws ec2 instance running ubuntu 16.04 using systemd. I've installed heroku toolbelt on the machine. Running the pipeline normally (via bin/logstash.bat) works fine and events are ingested (however after a few minutes I get a "Request timed out" error and the pipeline stops, which is a separate question).

But when I try to run the service on systemd I get errors, not sure if the two types of errors are related. The first is an SSL error:

Error: no cipher match (OpenSSL::SSL::SSLError)

[2017-02-15T13:08:44,037][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin. Plugin: "xxxxxx", codec=>"^%{TIMESTAMP_ISO8601} %{WORD}\\[\\w+(\\.\\d+)?\\]:(\\s{3,}| \\})", what=>"previous", id=>"032c3b317ae49982945ec7e8fbf11224be98f237-3", enable_metric=>true, negate=>false, charset=>"UTF-8", multiline_tag=>"multiline", max_lines=>500, max_bytes=>10485760>, id=>"032c3b317ae49982945ec7e8fbf11224be98f237-4", enable_metric=>true>

The second is that the heroku toolbelt seems to be prompting for credentials:

Feb 15 13:08:43 ip-10-0-1-216 logstash[4402]: Enter your Heroku credentials.

Feb 15 13:08:43 ip-10-0-1-216 logstash[4402]: Email: Password (typing will be hidden):

My logstash configuration:

input {
    heroku {
        app => "xxx-1"
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
            what => "previous"
        }
    }
    heroku {
        app => "xxx-2"
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
            what => "previous"
        }
    }
    heroku {
        app => "xxx-3"
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
            what => "previous"
        }
    }
    heroku {
        app => "xxx-4"
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
            what => "previous"
        }
    }
}

filter {
  grok {
    break_on_match => true
    patterns_dir => ["./grok_patterns"]
    match => { "message" => [
        "^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: %{LEVEL:level}: HTTP %{OPT_NOT_SPACE_COMMA:organization}, %{OPT_NOT_COMMA:user}, %{OPT_NOT_COMMA:device}, %{WORD:method} %{ENDPOINT:endpoint}%{QUERY:query} \[%{INT:responseCode:int}\].*? \(p%{INT:nodeProcess:int}\) \(%{INT:responseTime:int}ms\).*$",
        "^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku}\[%{WORD:component}\]: at=\w+ method=%{WORD:method} path=\"%{ENDPOINT:endpoint}\??%{QUERY:query}\" .*?fwd=\"%{IP:site_ip}\" dyno=%{DYNO:dyno} .*?service=%{INT:responseTime:int}ms status=%{INT:responseCode:int} bytes=%{INT:sizeBytes:int}.*?$",
        "^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: (?<data>.*)"
    ] }
    add_field => { "endpoint_template" => "%{endpoint}" }
  }
  mutate {
    gsub => ["endpoint_template", "[0-9a-f]{24}", "ID"]
    add_field => { "type" => "heroku" }
  }
  if ![heroku_source] {
    geoip {
        source => "site_ip"
    }
    mutate {
        add_field => { "heroku_source" => "heroku" }
    }
  }
}

output {
    elasticsearch {
        hosts => [ "aws-es-endpoint:443" ]
        ssl => true        
    }
}

(I'm sure it could be improved)

I've tried running the service as root but the result is the same. Just to clarify, this works:

/usr/share/logstash/bin/logstash --path.settings /etc/logstash/

While this does not:

sudo systemctl start logstash

This is a clean install of logstash 5.2.1 following the procedures on elastic. Systemd is also run according to their procedures, so that it executes the same command as I execute manually. cat logstash.service output:

[Unit]
Description=logstash

[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target

(result is the same when I comment out the user and group above)

Just for the record, turns out the problem was that systemd was not seeing the heroku credentials. I asked a similar question on AskUbuntu. The solution was to add the ubuntu home directory to the logstash service so it would access the credentials. Accomplished by editing the logstash.service file in /etc/systemd/system and setting Environment="Home=/home/ubuntu" there.

Example of final logstash.service file:

[Unit]
Description=logstash

[Service]
Type=simple
User=logstash
Group=root
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
Environment="HOME=/home/ubuntu"
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target
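
An added check for the fix described above (example code, not part of the original post): it reads which HOME a unit file hands to the service and how the credential file under that directory is protected. It assumes the Heroku CLI keeps its login in `$HOME/.netrc`; the function names are made up for this example and the demo runs on constructed files.

```shell
#!/bin/sh
# Added example: audit the HOME a systemd unit gives a service and the
# permissions of the credential file ($HOME/.netrc, an assumption) under it.

# unit_setting FILE KEY -> value of the last "KEY=value" line in the unit
unit_setting() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# unit_home FILE -> HOME taken from a single-assignment Environment= line.
# Variable names are case-sensitive: Environment="Home=..." does not set HOME.
unit_home() {
    sed -n 's/^Environment="\{0,1\}HOME=\([^"]*\)"\{0,1\}$/\1/p' "$1" | tail -n 1
}

# netrc_status HOME_DIR SERVICE_USER -> missing | too-open | not-owner | ok
netrc_status() {
    f="$1/.netrc"
    [ -f "$f" ] || { echo missing; return 0; }
    mode=$(ls -ld "$f" | awk '{print $1}')    # e.g. -rw-------
    owner=$(ls -ld "$f" | awk '{print $3}')
    case "$mode" in
        -???------*) ;;                       # no group/other permission bits
        *) echo too-open; return 0 ;;         # readable beyond the owner
    esac
    # A 0600 file owned by another account cannot be read by the service user
    [ "$owner" = "$2" ] && echo ok || echo not-owner
}

# audit_unit FILE -> one-line summary for the unit
audit_unit() {
    user=$(unit_setting "$1" User)
    home=$(unit_home "$1")
    if [ -z "$home" ]; then
        echo "user=${user:-root} HOME=not-set-in-unit netrc=unknown"
        return 0
    fi
    echo "user=${user:-root} HOME=$home netrc=$(netrc_status "$home" "${user:-root}")"
}

# Demo on constructed files (not the real /etc/systemd/system/logstash.service)
demo=$(mktemp -d)
printf '[Service]\nUser=logstash\nEnvironment="HOME=%s"\n' "$demo" > "$demo/logstash.service"
: > "$demo/.netrc"            # constructed, empty placeholder credential file
chmod 644 "$demo/.netrc"
audit_unit "$demo/logstash.service"
rm -rf "$demo"
```

A result of `ok` means the file is owned by the service account with mode 0600; `too-open` and `not-owner` are the two states to resolve, for example by giving the service account its own home directory and its own copy of the login.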
