[英]logstash-input-heroku running as a service on ubuntu (logstash 5.2.1)
我正在嘗試使用systemd在運行ubuntu 16.04的aws ec2實例上運行logstash。 我已經在機器上安裝了heroku工具帶。 正常運行管道(通過bin / logstash.bat)可以正常工作,並且可以提取事件(但是,幾分鍾后,出現“請求超時”錯誤,管道停止,這是一個單獨的問題)。
但是,當我嘗試在systemd上運行服務時出現錯誤,不確定兩種錯誤是否相關。 第一個是SSL錯誤:
錯誤:無密碼匹配(OpenSSL :: SSL :: SSLError)
[2017-02-15T13:08:44,037] [錯誤] [logstash.pipeline]插件發生不可恢復的錯誤。 將重新啟動此插件。 插件:“ xxxxxx”,編解碼器=>“ ^%{TIMESTAMP_ISO8601}%{WORD} \\ [\\ w +(\\。\\ d +)?\\]:(\\ s {3,} | \\}}”,what =>“以前的“,id =>” 032c3b317ae49982945ec7e8fbf11224be98f237-3“,enable_metric => true,negate => false,charset =>” UTF-8“,multiline_tag =>” multiline“,max_lines => 500,max_bytes => 10485760>,id =>“ 032c3b317ae49982945ec7e8fbf11224be98f237-4”,enable_metric => true>
第二個是heroku工具區似乎正在提示輸入憑據:
2月15日13:08:43 ip-10-0-1-216 logstash [4402]:輸入您的Heroku憑據。
2月15日13:08:43 ip-10-0-1-216 logstash [4402]:電子郵件:密碼(輸入將被隱藏):
我的logstash配置:
input {
heroku {
app => "xxx-1"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-2"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-3"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
heroku {
app => "xxx-4"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} %{WORD}\[\w+(\.\d+)?\]:(\s{3,}| \})"
what => "previous"
}
}
}
filter {
grok {
break_on_match => true
patterns_dir => ["./grok_patterns"]
match => { "message" => [
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: %{LEVEL:level}: HTTP %{OPT_NOT_SPACE_COMMA:organization}, %{OPT_NOT_COMMA:user}, %{OPT_NOT_COMMA:device}, %{WORD:method} %{ENDPOINT:endpoint}%{QUERY:query} \[%{INT:responseCode:int}\].*? \(p%{INT:nodeProcess:int}\) \(%{INT:responseTime:int}ms\).*$",
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku}\[%{WORD:component}\]: at=\w+ method=%{WORD:method} path=\"%{ENDPOINT:endpoint}\??%{QUERY:query}\" .*?fwd=\"%{IP:site_ip}\" dyno=%{DYNO:dyno} .*?service=%{INT:responseTime:int}ms status=%{INT:responseCode:int} bytes=%{INT:sizeBytes:int}.*?$",
"^%{TIMESTAMP_ISO8601:timestamp} %{WORD:heroku_source}\[%{DYNO:dyno}\]: (?<data>.*)"
] }
add_field => { "endpoint_template" => "%{endpoint}" }
}
mutate {
gsub => ["endpoint_template", "[0-9a-f]{24}", "ID"]
add_field => { "type" => "heroku" }
}
if ![heroku_source] {
geoip {
source => "site_ip"
}
mutate {
add_field => { "heroku_source" => "heroku" }
}
}
}
output {
elasticsearch {
hosts => [ "aws-es-endpoint:443" ]
ssl => true
}
}
(我敢肯定它會得到改善)
我嘗試以根用戶身份運行服務,但結果是相同的。 為了澄清,這有效:
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/
雖然這不是:
sudo systemctl start logstash
這是按彈性安裝程序的干凈安裝Logstash 5.2.1。 Systemd也根據其過程運行,因此它執行與我手動執行的命令相同的命令。 cat logstash.service
輸出:
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
(當我注釋掉上面的用戶和組時,結果是相同的)
僅作記錄,結果是問題出在systemd沒有看到heroku憑證。 我在AskUbuntu上問了類似的問題 。 解決方案是將ubuntu主目錄添加到logstash服務中,以便它可以訪問憑據。 通過在/ etc / systemd / system中編輯logstash.service
文件並在其中設置Environment="Home=/home/ubuntu"
。
最終的logstash.service文件的示例:
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=root
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
Environment="HOME=/home/ubuntu"
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.