Tutorial: 使用rsyslog向kafka, elasticsearch推送日志

来源：互联网发布：仙桃数据谷重庆编辑：程序博客网时间：2024/06/05 11:19

本文介绍了一种简单易行的使用rsyslog向kafka,elasticsearch推送日志的方法；rsyslog的omkafka插件的安装、使用方法；rsyslog的omelasticsearch插件的安装、使用方法。

Kafka是一种开源的分布式消息系统，项目主页：kafka.apache.org
elasticsearch是一种开源的分布式搜索引擎，项目主页：elastic.co

rsyslog使用omkafka向kafka推送日志，使用omelasticsearch向elasticsearch推送日志。这两个插件默认编译选项是关闭的，没有被编译到rsyslog中。下面介绍了具体的安装方法：

## add rsyslog repoWORK_DIR=$(pwd)cd /etc/yum.repos.dwget http://rpms.adiscon.com/v8-stable/rsyslog.repo -O rsyslog.repocd $WORK_DIRmkdir rsyslog-installcd rsyslog-install# check rsyslog version# rsyslog supports kafka from v8.7.0old_rsyslog_ver=$(rsyslogd -version |head -n 1 | awk '{print $2}')## install rsyslog dependency: libestryum install -y libestr-devel## install rsyslog dependency: libeeyum install -y libee-devel## install rsyslog dependency: json-cyum install -y json-c-devel## install rsyslog denpendency: uuidyum install -y libuuid-devel## install rsyslog denpendency: liblogging-stdlogyum install -y liblogging-devel## install rsyslog denpendency: rst2manyum install -y python-docutils## install libcurl for omelasticsearchyum install -y libcurl-devel## install librdkafka for omkafkawget https://github.com/edenhill/librdkafka/archive/0.8.5.tar.gz -O librdkafka-0.8.5.tar.gztar zxvf librdkafka-0.8.5.tar.gzcd librdkafka-0.8.5./configuremakemake installcd ..## install rsyslogwget http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.8.0.tar.gz -O rsyslog-8.8.0.tar.gztar zxvf rsyslog-8.8.0.tar.gzexport PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/lib64/pkgconfig/old_executable_path=$(which rsyslogd)executable_dir=$(dirname "$old_executable_path")cd rsyslog-8.8.0./configure --sbindir=$executable_dir --libdir=/usr/lib64 --enable-omkafka --enable-elasticsearchmakemake install## show installation result:new_rsyslog_ver=$(rsyslogd -version |head -n 1 | awk '{print $2}')echo "Old rsyslogd version: "$old_rsyslog_verecho "New rsyslogd version: "$new_rsyslog_verecho "Executable: " $(which rsyslogd)

我在Github上托管了相关代码：
https://github.com/garyelephant/rsyslog-scripts

omkafka插件的详细文档见：
http://www.rsyslog.com/doc/master/configuration/modules/omkafka.html

omelasticsearch插件的详细文档见：
http://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html

配置示例：

# /etc/rsyslog.conf# load required module# `imuxsock` provides support for local system logging (e.g. via logger command)module(load="imuxsock") module(load="omkafka")module(load="omelasticsearch")# push to kafkaaction(type="omkafka" topic="your_topic" broker="your_kafka_broker_host_or_ip")# or you can push to elasticsearchaction(type="omelasticsearch" server="your_elasticsearch_host_or_ip" searchIndex="your_elasticsearch_index" searchType="your_elasticsearch_index_type" )

启动 rsyslog

rsyslogd -n

在另一个终端用logger向rsyslog写数据

$ logger 'hello world'

References:

http://www.rsyslog.com/doc/master/installation/install_from_source.html
http://bigbo.github.io/pages/2015/01/21/syslog_kafka/
http://blog.oldzee.com/?tag=rsyslog
http://www.rsyslog.com/newbie-guide-to-rsyslog/
http://www.rsyslog.com/doc/master/configuration/modules/omkafka.html

转载本文请注明作者和出处[Gary的影响力]http://garyelephant.me，请勿用于任何商业用途！
Author: Gary Gao( garygaowork[at]gmail.com) 关注互联网、分布式、高性能、NoSQL

1 0