我正在尝试将日志从Filebeat发送到Logstash,而不是Nginx。我在nginx反向代理后面有每个Elasticsearch和Logstash,它们都在同一服务器上。当我将日志从Filebeat直接发送到Elasticsearch代理时,它可以正常工作,但是当我尝试将日志发送到Logstash时,什么也没发生,也没有错误生成。
日志记录:Filebeat-> NGINX_PROXY_FQDN-> ES_SERVER_FQDN:5044-> ES_SERVER_FQDN:9200
Filebeat.yml
output.logstash:
hosts: ["NGINX_PROXY_FQDN:443"]
protocol: https
ssl.certificate: "/etc/filebeat/certs/nginxproxy.crt"
ssl.key: "/etc/filebeat/certs/nginxproxy.key"
ssl.certificate_authorities: /etc/filebeat/certs/ca.pem
Nginx,Logstash反向代理
server {
listen 443;
listen [::]:443;
ssl on;
ssl_certificate certs/nginxproxy.crt;
ssl_certificate_key certs/nginxproxy.key;
ssl_trusted_certificate certs/ca.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
server_name NGINX_PROXY_FQDN;
location / {
proxy_pass https://ES_SERVER_FQDN:5044;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Proxy-Connection "upgrade";
proxy_set_header Host $host;
}
}
Logstash.conf
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/logstash/certs/nginxproxy.crt"
ssl_key => "/etc/logstash/certs/nginxproxy.key"
ssl_certificate_authorities => ["/etc/logstash/certs/ca.pem"]
ssl_verify_mode => "force_peer"
}
}
output {
elasticsearch {
hosts => ["https://ES_SERVER_FQDN:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "*****"
password => "*****"
ssl => true
cacert => "/etc/logstash/certs/ca.pem"
ilm_enabled => false
}
}