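此时可以看到运行 Logstash 的终端有如下输出。注意：syslog_timestamp 本身不含年份，@timestamp 中的年份应是解析时补全的；本例中 @timestamp（2016-12-23）晚于 received_at（2016-01-05），说明补全的年份未必正确，做日志时间线分析时应同时参考 received_at。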
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-syslog.conf
Settings: Default filter workers: 1
Logstash startup completed
{
"message" => "Dec 23 12:11:43 louis postfix/smtpd[31499]: connect from unknown[95.75.93.154]\r",
"@version" => "1",
"@timestamp" => "2016-12-23T04:11:43.000Z",
"host" => "0:0:0:0:0:0:0:1",
"port" => 45093,
"type" => "syslog",
"syslog_timestamp" => "Dec 23 12:11:43",
"syslog_hostname" => "louis",
"syslog_program" => "postfix/smtpd",
"syslog_pid" => "31499",
"syslog_message" => "connect from unknown[95.75.93.154]\r",
"received_at" => "2016-01-05T12:22:55.674Z",
"received_from" => "0:0:0:0:0:0:0:1",
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
}
{
"message" => "Dec 23 14:42:56 louis named[16000]: client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r",
"@version" => "1",
"@timestamp" => "2016-12-23T06:42:56.000Z",
"host" => "0:0:0:0:0:0:0:1",
"port" => 45093,
"type" => "syslog",
"syslog_timestamp" => "Dec 23 14:42:56",
"syslog_hostname" => "louis",
"syslog_program" => "named",
"syslog_pid" => "16000",
"syslog_message" => "client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r",
"received_at" => "2016-01-05T12:23:22.809Z",
"received_from" => "0:0:0:0:0:0:0:1",
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
}
...
...