我正在尝试配置将 pgsql 日志数据发送到 elasticsearch。架构如下:packetbeat->logstash->elasticsearch。
运行packetbeat后,logstash日志显示:
:message "Beats Input: Remote connection closed",
:peer=>"10.1.1.103:51748",
:exception=>#Lumberjack::Beats::Connection::ConnectionClosed: Lumberjack::Beats::Connection::ConnectionClosed wrapping: EOFError, End of file reached,
:level=>:warn}
packetbeat 日志输出看起来正常:
logstash.go:106: INFO Max Retries set to: 3
outputs.go:119: INFO Activated logstash as output plugin.
publish.go:288: INFO Publisher name: pgsqldb01
async.go:78: INFO Flush Interval set to: 1s
async.go:84: INFO Max Bulk Size set to: 2048
beat.go:147: INFO Init Beat: packetbeat; Version: 1.1.0
procs.go:88: INFO Process matching enabled
packetbeat.yml 包含:
interfaces:
device: any
buffer_size_mb: 100
protocols:
pgsql:
ports: [5432]
procs:
enabled: true
monitored:
- process: pgsql
cmdline_grep: postgres
output:
logstash:
hosts: ["10.1.1.1:5044"]
bulk_max_size: 2048
index: packetbeat
tls:
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
logstash 输入配置如下:
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
packetbeat 版本为:1.1.0
logstash/elasticsearch 版本为:2.2.0
可能是什么问题呢?