Problem description
I'm a noob to both fluentd and elasticsearch, and I'm wondering if it's possible for fluentd to capture specific logs (in this case, custom audit logs generated by our apps) from stdout - use stdout as a source - and write them to a specific index in elasticsearch. Many thanks in advance for your replies.
Recommended answer
Yes, you could use fluentd's exec input plugin to launch your apps and capture their stdout. Note this means fluentd would be in charge of launching your application, which may not be desirable - in that case, if the application already writes to a log file you can set fluentd up to tail that file, or if your application logs go to something like syslog you can feed off of that. If you are okay with modifying the application you could also have the application write the logs to fluentd using unix sockets or TCP/UDP messages or by posting logs to an HTTP endpoint. See Input Plugin Overview for more details and examples of different options for input.
Fluentd can further filter those logs for just the custom audit logs. This could be accomplished in several ways, based on log contents or other log entry properties or some combination. Additionally, there are plugins that can tally certain log entries and only emit after some thresholds are met. Note that you may not even need to parse anything if you are able to tag the audit messages from the start, but if and how to do this will differ depending on the input plugins used.
For sending logs to Elasticsearch you can use uken/fluent-plugin-elasticsearch's output plugin, using index_name to control the specific index.
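The following fluent.conf is an added example, not part of the original answer, that wires the three pieces described above into one pipeline: the exec input launching the app and reading its stdout, a grep filter keeping only audit records, and the elasticsearch output writing them to a fixed index. The command path, the `log_type` field, the `app.stdout` tag, the hostname and the `app-audit` index name are all assumptions for illustration.

```conf
# Added example (not from the original answer): exec input -> grep filter ->
# elasticsearch output. Paths, field names, tag and index name are assumed.

# 1. Launch the application and read its stdout. The app is assumed to print
#    one JSON object per line, e.g.
#    {"log_type":"audit","user":"alice","action":"login"}
<source>
  @type exec
  tag app.stdout
  command /opt/myapp/bin/myapp --json-logs   # assumed path and flag
  <parse>
    @type json
  </parse>
</source>

# 2. Keep only records whose log_type field is exactly "audit". Debug output,
#    stack traces and anything else on stdout is dropped here and never
#    reaches Elasticsearch.
<filter app.stdout>
  @type grep
  <regexp>
    key log_type
    pattern /^audit$/
  </regexp>
</filter>

# 3. Write the surviving records to one fixed index. logstash_format is left
#    off so index_name is used as-is instead of a dated logstash-YYYY.MM.DD index.
<match app.stdout>
  @type elasticsearch
  host elasticsearch.example.internal   # assumed hostname
  port 9200
  scheme https
  index_name app-audit
  logstash_format false
</match>
```

If the application can instead emit audit records on their own channel (the answer's "tag the audit messages from the start"), the filter stage becomes unnecessary and the match block can select on that tag directly; the same output block also works unchanged behind an in_tail or syslog source, only the `<source>` section differs.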