#!/bin/bash
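# Install net-tools up front (nothing later in this script calls its tools).
sudo yum install -y net-tools
# Configuration
HOSTNAME=$(hostname)
# Hostnames of all nodes
NODE_1=node-1
NODE_2=node-2
NODE_3=node-3
# IP addresses of all nodes (expanded into the Logstash elasticsearch output)
NODE_1_IP=10.0.0.21
NODE_2_IP=10.0.0.22
NODE_3_IP=10.0.0.23
# Service account name / password
ELK_USER=es
# NOTE(security): "123" is a trivially guessable password and it is set on a
# login-capable account. It is kept only as a backward-compatible default;
# export ELK_USER_PASSWORD before running to supply a real secret instead of
# committing one to this file.
ELK_USER_PASSWORD=${ELK_USER_PASSWORD:-123}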
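#######################################
# Install Logstash 7.17.0 under /data/modules/logstash, write a pipeline
# config that forwards Beats and Nginx access-log events to the three
# Elasticsearch nodes, and open the Beats port in firewalld.
# Globals:   ELK_USER, ELK_USER_PASSWORD (read)
#            NODE_1_IP, NODE_2_IP, NODE_3_IP (read, expanded into the config)
# Arguments: none
# Returns:   1 if user creation, a directory change, the download, the
#            checksum comparison or the extraction fails; otherwise the
#            status of the final firewall-cmd call
#######################################
install_logstash(){
  local software_dir=/data/software
  local modules_dir=/data/modules
  local install_dir="${modules_dir}/logstash"
  local file="logstash-7.17.0-linux-x86_64.tar.gz"
  local url="https://artifacts.elastic.co/downloads/logstash/${file}"

  # Service account for ELK
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}" || return 1
    # The password is fed on stdin so it never appears in a process argument
    # list. NOTE(review): an account that only owns/runs Logstash may not need
    # a password login at all; consider leaving it locked.
    printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
  fi

  # Common directories. mkdir -p is idempotent, so no existence test is
  # needed (the old test looked at /data/modules/mysql/, a leftover path).
  mkdir -p "${software_dir}" "${install_dir}" || return 1

  # Remote download
  cd "${software_dir}" || return 1
  if [ ! -f "${file}" ]; then
    if ! { yum install -y wget \
        && wget "${url}" \
        && wget -O "${file}.sha512" "${url}.sha512"; }; then
      echo "download of ${file} failed" >&2
      # Drop partial files so the next run downloads again instead of
      # unpacking a truncated archive.
      rm -f -- "${file}" "${file}.sha512"
      return 1
    fi
  fi

  # Integrity check against the .sha512 published next to the archive
  # (assumes it is in "sha512sum -c" format - confirm). This catches
  # truncated or corrupted downloads; the digest comes from the same host as
  # the archive, so pin the expected value out of band if origin compromise
  # is part of the threat model.
  if [ -f "${file}.sha512" ]; then
    if ! sha512sum -c "${file}.sha512"; then
      echo "checksum mismatch for ${file}" >&2
      return 1
    fi
  else
    echo "warning: ${file}.sha512 not present, archive integrity not verified" >&2
  fi

  # Unpack straight into the final directory. Stripping the top-level
  # logstash-7.17.0/ component replaces the former extract-then-mv step,
  # which nested a second copy inside logstash/ when the script was re-run.
  tar -zxvf "${file}" --strip-components=1 -C "${install_dir}" || return 1

  # Write the pipeline config. The heredoc delimiter is unquoted on purpose so
  # the NODE_*_IP values are expanded; everything else, including the comments
  # inside it, is written to the file verbatim.
  # NOTE(review): as written, the beats input listens on 5044 without TLS or
  # client authentication, and the elasticsearch output uses bare host:port
  # entries with no credentials. That is only reasonable on an isolated
  # network; otherwise enable TLS on the input and HTTPS plus authentication
  # on the output.
  cd "${install_dir}/config" || return 1
  cat > logstash-simple.conf << EOF
input {
beats {
port => 5044
}
file {
#Nginx日志目录
path => "/usr/local/nginx/logs/access.log"
start_position => "beginning"
}
}
filter {
if [path] =~ "access" {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
date {
#时间戳
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
#接受主机
hosts => ["${NODE_1_IP}:9200","${NODE_2_IP}:9200","${NODE_3_IP}:9200"]
}
stdout { codec => rubydebug }
}
EOF

  # Ownership and permissions: hand the tree to the configured service
  # account rather than a hard-coded "es".
  chmod u+x "${install_dir}/bin"
  chown -R "${ELK_USER}:${ELK_USER}" "${install_dir}"

  # Open the Beats port.
  # NOTE(review): this exposes 5044/tcp to every source that reaches the
  # public zone; consider limiting it to the hosts that actually ship logs.
  firewall-cmd --zone=public --add-port=5044/tcp --permanent
  firewall-cmd --reload
  firewall-cmd --list-all
}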
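install_logstash
# Start the service
# Stop here if the install directory is missing, so the relative paths below
# are never resolved against an unrelated working directory.
cd /data/modules/logstash || exit 1
#./bin/logstash -f ./config/logstash-simple.conf -d
# Start in the background
# NOTE(review): this launches Logstash as whoever runs the script (root, if
# the script is run as root), even though the install tree is chown'ed to the
# ELK service account. Consider starting it under that account after
# confirming it can read the Nginx access log.
# nohup appends stdout to nohup.out in this directory; with the rubydebug
# stdout output enabled in the pipeline, every processed event is copied
# there, so watch the file's size and who can read it.
nohup ./bin/logstash -f ./config/logstash-simple.conf &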