![\"image\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/2-0.png\" "\\"\\"")
<\/div>\n![\"\u8cbc\u308a\u4ed8\u3051\u305f\u753b\u50cf_2016_02_25_2_35.jpg\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/3-0.jpeg\" "\\"\u8cbc\u308a\u4ed8\u3051\u305f\u753b\u50cf_2016_02_25_2_35.jpg\\"")
<\/div>\n\u8bbe\u5b9a<\/h1>\n\u6761\u4ef6\u3002<\/h2>\n\n- \n
\u30eb\u30fc\u30bf\uff08RTX1100\uff09IP: 192.168.1.1<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u30b5\u30fc\u30d0<\/ul>\n<\/li>\n<\/ul>\nOS: Ubuntu 14.04.3 LTS Trusty
\nIP: 192.168.1.100
\nkibana, fluentd, elasticsearch\u3092\u52d5\u304b\u3059
\nLAN\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306e\u307f\u60f3\u5b9a\u6545\u3001\u30b5\u30fc\u30d0\u306eFW\u306f\u30ac\u30e9\u7a7a\u304d<\/p>\n
\u5b89\u88c5\u8f6f\u4ef6\u5305<\/h2>\n
\u516c\u5f0f\u7684\u6b65\u9aa4\u53ef\u4ee5\u4f5c\u4e3a\u53c2\u8003\u3002<\/p>\n
\n- \n
fluentd<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
elasticsearch<\/ul>\n<\/li>\n<\/ul>\nkibana<\/p>\n
\u305f\u3060\u3057\u3001OS\u8d77\u52d5\u6642\u306b\u81ea\u52d5\u8d77\u52d5\u3055\u305b\u308b\u3088\u3046\u306b\u3059\u308b\u306b\u306f\u3001init.d\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3069\u3063\u304b\u304b\u3089\u62fe\u3063\u3066\u304f\u308b\u5fc5\u8981\u304c\u3042\u308b<\/p>\n
Kibana Beta init script
\nkibana4_init<\/p>\n
Apache2\u53cd\u5411\u4ee3\u7406\u8bbe\u7f6e<\/h2>\n
\u5f53\u542f\u52a8Elasticsearch\u548cKibana\u65f6\uff0c\u5b83\u4eec\u5206\u522b\u57285601\u548c9200\u7aef\u53e3\u4e0a\u8fdb\u884c\u76d1\u542c\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u8bf7\u968f\u610f\u8fdb\u884c\u53cd\u5411\u4ee3\u7406\u8bbe\u7f6e\u3002<\/p>\n
<Location \/kibana>\r\n Require ip 127 192.168.1\r\n ProxyPass http:\/\/localhost:5601\r\n ProxyPassReverse http:\/\/localhost:5601\r\n<\/Location>\r\n\r\n<Location \/elasticsearch>\r\n Require ip 127 192.168.1\r\n ProxyPass http:\/\/localhost:9200\r\n ProxyPassReverse http:\/\/localhost:9200\r\n<\/Location>\r\n<\/code><\/pre>\n\u66f4\u6539RTX1100\u914d\u7f6e<\/h2>\n
\u6dfb\u52a0\u4e00\u4e2a\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u8def\u7531\u5668\u7684syslog\u53d1\u9001\u5230\u670d\u52a1\u5668\u4e2d\u3002<\/p>\n
#\r\n# SYSLOG configuration\r\n#\r\nsyslog local address 192.168.1.1\r\nsyslog host 192.168.1.100\r\nsyslog info on\r\nsyslog notice on\r\n<\/code><\/pre>\nElasticsearch\u914d\u7f6e<\/h2>\n
\u636e\u8bf4Elasticsearch\u4f1a\u81ea\u52a8\u8fdb\u884c\u5b57\u7b26\u4e32\u7684\u5143\u7d20\u89e3\u6790\uff0c\u5728\u4f7f\u7528Kibana\u8fdb\u884c\u53ef\u89c6\u5316\u65f6\uff0c\u6709\u4eba\u8bf4\u201c\u4e0d\u5c06\u5176\u8bbe\u4e3a\u672a\u5206\u6790\uff08not analyzed\uff09\u4f1a\u5f71\u54cd\u6027\u80fd\u201d\uff0c\u6240\u4ee5\u8981\u51c6\u5907\u4e00\u4e9b\u672a\u5206\u6790\u7684\u5b57\u6bb5\u3002\u53e6\u5916\uff0c\u5c06\u5730\u7406\u4fe1\u606f\u653e\u5165\u5b57\u6bb5\uff08geo_location\uff09\u7684\u7c7b\u578b\u8bbe\u4e3ageo_point\u3002<\/p>\n
$ curl -XPUT 192.168.1.100:9200\/rtx1100-*\/ -d \"`cat elasticsearch_default_template.json`\"\r\n\r\n# lasticsearch_default_template.json\r\n{\r\n \"template\": \"rtx1100-*\",\r\n \"mappings\": {\r\n \"_default_\": {\r\n \"dynamic_templates\": [\r\n {\r\n \"string_template\" : {\r\n \"match\" : \"*\",\r\n \"mapping\": {\r\n \"type\": \"string\",\r\n \"fields\": {\r\n \"full\": {\r\n \"type\": \"string\",\r\n \"index\": \"not_analyzed\"\r\n }\r\n }\r\n },\r\n \"match_mapping_type\": \"string\"\r\n }\r\n }\r\n ],\r\n \"properties\": {\r\n \"@timestamp\": { \"type\": \"date\", \"index\": \"not_analyzed\" },\r\n \"geo_location\": {\"type\" : \"geo_point\" }\r\n }\r\n }\r\n }\r\n}\r\n\r\n<\/code><\/pre>\n\u9009\u62e9\u4e00\u79cd\u65b9\u6cd5\u5c06\u4ee5\u4e0b\u53e5\u5b50\u4ee5\u4e2d\u56fd\u8bed\u8a00\u4e2d\u672c\u5730\u5316\u7684\u65b9\u5f0f\u8fdb\u884c\u6539\u5199\uff1a<\/h2>\n
\u914d\u7f6eFluid\u6a21\u5757<\/p>\n
\u5b89\u88c5 fluentd \u63d2\u4ef6\u3002<\/h3>\n
\u4f7f\u7528\u4e0b\u9762\u7684\u63d2\u4ef6\u3002<\/p>\n
fluent\/fluent-plugin-rewrite-tag-filter<\/p>\n
record\u5185\u306efield\u3092\u7528\u3044\u3066tag\u3092\u66f8\u304d\u63db\u3048\u3089\u308c\u305f\u308a\u3067\u304d\u308b\u30d5\u30a3\u30eb\u30bf\u30fc<\/p>\n
uken\/fluent-plugin-elasticsearch<\/p>\n
fluentd\u304b\u3089elasticsearch\u306b\u6d41\u3057\u3053\u3081\u308b<\/p>\n
y-ken\/fluent-plugin-geoip<\/p>\n
IP\u304b\u3089\u5730\u7406\u60c5\u5831\u3092\u53d6\u5f97\u3067\u304d\u308b\u3059\u3054\u3044\u3084\u3064<\/p>\n
repeatedly\/fluent-plugin-multi-format-parser<\/p>\n
\u8907\u6570\u306e\u30d1\u30fc\u30b5\u30fc\u3092\u9806\u756a\u306b\u8a66\u3057\u3066\u304f\u308c\u308b\u30d1\u30fc\u30b5\u30fc<\/p>\n
\u901a\u5e38\u3060\u3068\u30d1\u30fc\u30b5\u30fc\u306f\u4e00\u3064\u3057\u304b\u6307\u5b9a\u3067\u304d\u306a\u3044<\/p>\n
tagomoris\/fluent-plugin-parser<\/p>\n
\u3058\u3083\u306a\u304f\u3066\u306e\u4e2d\u3067\u30d1\u30fc\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u3084\u3064<\/p>\n
hiraro\/fluent-plugin-with-extra-fields-parser<\/p>\n
\u30d1\u30fc\u30b9\u3057\u305f\u5185\u5bb9\u3068\u306f\u5225\u306b\u3001\u6307\u5b9a\u3057\u305f\u4f59\u8a08\u306a\u30d5\u30a3\u30fc\u30eb\u30c9\u3092record\u306b\u3076\u3063\u8fbc\u3081\u308b\u3088\u3046\u306b\u3059\u308b\u30d1\u30fc\u30b5\u30fc
\n\u3044\u3044\u611f\u3058\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u306a\u3044\u3063\u307d\u3044\u306e\u3067\u4f5c\u3063\u305f<\/p>\n
\u6d41\u7545d\u7684\u8bbe\u5b9a\u6587\u4ef6<\/h3>\n\n- \n
RTX1100\u304b\u3089\u6d41\u308c\u3066\u304d\u305fsyslog\u3092\u6b63\u898f\u8868\u73fe\u3067\u30de\u30c3\u30c1\u3055\u305b\u3066\u5206\u89e3<\/ul>\n<\/li>\n<\/ul>\n\u30de\u30c3\u30c1\u3057\u306a\u304b\u3063\u305f\u305d\u308c\u4ee5\u5916\u306e\u5f62\u5f0f\u306e\u30ed\u30b0\u306f\u3001\u5206\u89e3\u3057\u306a\u3044<\/p>\n
\u30ed\u30b0\u306e\u7a2e\u985e\u3054\u3068\u306b(elasticsearch\u306e)index\u3092\u5206\u3051\u3066\u683c\u7d0d<\/p>\n
# \u52d5\u7684\u30d5\u30a3\u30eb\u30bf => index: rtx1100-inspect\r\n- [INSPECT] PP[01][out][105] TCP xxx.xxx.xxx.xxx:xxxxx > yyy.yyy.yyy.yyy:yyyyy (yyyy\/MM\/dd hh:mm:ss)\r\n\r\n# \u30d5\u30a3\u30eb\u30bf\u30ea\u30b8\u30a7\u30af\u30c8 => index: rtx1100-reject\r\n# \u30ea\u30b8\u30a7\u30af\u30c8\u7cfb\u3060\u3051\u306ffluent-plugin-geoip\u3067\u767a\u4fe1\u6e90\u306e\u5730\u7406\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\r\n- PP[01] Rejected at IN(xxxx) filter: TCP xxx.xxx.xxx.xxx:xxxxx > yyy.yyy.yyy.yyy:yyyyy\r\n\r\n# \u30b3\u30f3\u30bd\u30fc\u30eb\u30ed\u30b0\u30a4\u30f3\/\u30ed\u30b0\u30a2\u30a6\u30c8 => index: rtx1100-console\r\n- Login succeeded for TELNET: xxx.xxx.xxx.xxx\r\n- Logout from TELNET: xxx.xxx.xxx.xxx\r\n\r\n# VPN\u63a5\u7d9a\/\u5207\u65ad => index: rtx1100-tunnel\r\n- [L2TP] TUNNEL[1] connected from xxx.xxx.xxx.xxx\r\n- [L2TP] TUNNEL[1] disconnect tunnel xxxxx complete\r\n\r\n# \u305d\u306e\u4ed6 => rtx1100-other\r\n<\/code><\/pre>\n# \/etc\/td-agent\/td-agent.conf\r\n\r\n####\r\n## Source descriptions:\r\n##\r\n\r\n## syslog\r\n<source>\r\n type syslog\r\n tag raw.rtx1100\r\n format none\r\n<\/source>\r\n\r\n####\r\n## Output descriptions:\r\n##\r\n\r\n<match raw.rtx1100.**>\r\n type parser\r\n format multi_format\r\n key_name message\r\n remove_prefix raw\r\n add_prefix parsed\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[INSPECT\\]\\s+(?<target>.+)\\[(?<direction>.+)\\]\\[(?<filter_num>\\d+)\\]\\s+(?<proto>.+)\\s+(?<src_ip>.+):(?<src_port>.+)\\s+>\\s+(?<dest_ip>.+):(?<dest_port>.+)\\s+\\((?<time>.+)\\)$\/\r\n time_format '%Y\/%m\/%d %H:%M:%S'\r\n extra_fields { \"log_type\": \"inspect\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^(?<target>.+)\\s+Rejected\\s+at\\s+(?<direction>.+)\\((?<filter_num>\\d+)\\)\\s+filter:\\s+(?<proto>.+)\\s+(?<src_ip>.+):(?<src_port>.+)\\s+>\\s+(?<dest_ip>.+):(?<dest_port>.+)$\/ \r\n extra_fields { \"log_type\": \"reject\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^Logout\\s+from\\s+(?<proto>.+):\\s+(?<ip>.+)$\/\r\n extra_fields { \"log_type\": \"console_logout\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^Login\\s+succeeded\\s+for\\s+(?<proto>.+):\\s+(?<ip>.+)$\/ \r\n extra_fields { \"log_type\": \"console_login\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[(?<proto>.+)\\]\\s+(?<tunnel>.+)\\s+connected\\s+from\\s+(?<src_ip>.+)$\/ \r\n extra_fields { \"log_type\": \"tunnel_connect\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[(?<proto>.+)\\]\\s+(?<tunnel>.+)\\s+disconnect\\s+tunnel\\s+\\d+\\s+complete$\/ \r\n extra_fields { \"log_type\": \"tunnel_disconnect\" }\r\n <\/pattern> \r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^(?<msg>.+)$\/\r\n extra_fields { \"log_type\": \"other\" }\r\n <\/pattern> \r\n<\/match>\r\n\r\n<match parsed.rtx1100.**>\r\n type rewrite_tag_filter\r\n rewriterule1 log_type ^inspect$ rtx1100.inspect\r\n rewriterule2 log_type ^reject$ temp.rtx1100.reject\r\n rewriterule3 log_type ^console_(.+)$ rtx1100.console.$1\r\n rewriterule4 log_type ^tunnel_(.+)$ rtx1100.tunnel.$1\r\n rewriterule5 log_type ^other$ rtx1100.other\r\n<\/match>\r\n\r\n<match rtx1100.inspect.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-inspect\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match temp.rtx1100.reject.**>\r\n type geoip\r\n geoip_lookup_key src_ip\r\n <record>\r\n geo_location '{ \"lat\" : ${latitude[\"src_ip\"]}, \"lon\" : ${longitude[\"src_ip\"]} }'\r\n country_code ${country_code[\"src_ip\"]}\r\n <\/record>\r\n remove_tag_prefix temp.\r\n skip_adding_null_record true\r\n flush_interval 1s\r\n<\/match>\r\n<match rtx1100.reject.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-reject\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.console.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-console\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.tunnel.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-tunnel\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.other.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-other\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<\/code><\/pre>\n\u53c2\u8003\u8d44\u6599\u3001\u5f15\u6587\u3001\u53c2\u8003\u6587\u732e<\/h1>\n\n- \n
\u4eca\u65e5\u304b\u3089\u59cb\u3081\u308bfluentd \u00d7 Elasticsearch \u00d7 kibana – \u30ab\u30b8\u30e5\u30a2\u30eb\u306a\u89e3\u6790\u30fb\u9ad8\u901f\u5316 – \u682a\u5f0f\u4f1a\u793e\u30a8\u30a6\u30ec\u30ab<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
Fluentd\u3001ElasticSearch\u3001Kibana4\u306b\u3088\u308b\u30ed\u30b0\u5206\u6790\u74b0\u5883\u306e\u69cb\u7bc9 | hrendoh’s memo<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
Kibana+Elasticsearch\u3067\u6587\u5b57\u5217\u306e\u5b8c\u5168\u4e00\u81f4\u3068\u90e8\u5206\u4e00\u81f4\u691c\u7d22\u306e\u4e21\u65b9\u3092\u5b9f\u73fe\u3059\u308b – Qiita<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u30d7\u30ed\u30c0\u30af\u30b7\u30e7\u30f3\u74b0\u5883\u3067Elasticsearch+kibana(fluentd)\u3067\u30ed\u30b0\u53ef\u8996\u5316\u904b\u7528\u3092\u3057\u3066\u307f\u3066\u308f\u304b\u3063\u305f\u4e8b – shnagai\u306e\u30a4\u30f3\u30d5\u30e9\u5099\u5fd8\u9332<\/ul>\n","protected":false},"excerpt":{"rendered":"\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-41327","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\" \/>\n<meta property=\"og:description\" content=\"\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-18T10:54:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-28T16:59:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/2-0.png\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\",\"name\":\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-03-18T10:54:01+00:00\",\"dateModified\":\"2024-04-28T16:59:14+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, \u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316","og_description":"\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-03-18T10:54:01+00:00","article_modified_time":"2024-04-28T16:59:14+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/2-0.png"}],"author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/","name":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-03-18T10:54:01+00:00","dateModified":"2024-04-28T16:59:14+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, \u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=41327"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327\/revisions"}],"predecessor-version":[{"id":70060,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327\/revisions\/70060"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=41327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=41327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=41327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- \n
- \u30eb\u30fc\u30bf\uff08RTX1100\uff09IP: 192.168.1.1<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30b5\u30fc\u30d0<\/ul>\n<\/li>\n<\/ul>\n
- \n
- fluentd<\/ul>\n<\/li>\n<\/ul>\n
- \n
- elasticsearch<\/ul>\n<\/li>\n<\/ul>\n
kibana<\/p>\n
\u305f\u3060\u3057\u3001OS\u8d77\u52d5\u6642\u306b\u81ea\u52d5\u8d77\u52d5\u3055\u305b\u308b\u3088\u3046\u306b\u3059\u308b\u306b\u306f\u3001init.d\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3069\u3063\u304b\u304b\u3089\u62fe\u3063\u3066\u304f\u308b\u5fc5\u8981\u304c\u3042\u308b<\/p>\n
Kibana Beta init script
\nkibana4_init<\/p>\nApache2\u53cd\u5411\u4ee3\u7406\u8bbe\u7f6e<\/h2>\n
\u5f53\u542f\u52a8Elasticsearch\u548cKibana\u65f6\uff0c\u5b83\u4eec\u5206\u522b\u57285601\u548c9200\u7aef\u53e3\u4e0a\u8fdb\u884c\u76d1\u542c\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u8bf7\u968f\u610f\u8fdb\u884c\u53cd\u5411\u4ee3\u7406\u8bbe\u7f6e\u3002<\/p>\n
<Location \/kibana>\r\n Require ip 127 192.168.1\r\n ProxyPass http:\/\/localhost:5601\r\n ProxyPassReverse http:\/\/localhost:5601\r\n<\/Location>\r\n\r\n<Location \/elasticsearch>\r\n Require ip 127 192.168.1\r\n ProxyPass http:\/\/localhost:9200\r\n ProxyPassReverse http:\/\/localhost:9200\r\n<\/Location>\r\n<\/code><\/pre>\n\u66f4\u6539RTX1100\u914d\u7f6e<\/h2>\n
\u6dfb\u52a0\u4e00\u4e2a\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u8def\u7531\u5668\u7684syslog\u53d1\u9001\u5230\u670d\u52a1\u5668\u4e2d\u3002<\/p>\n
#\r\n# SYSLOG configuration\r\n#\r\nsyslog local address 192.168.1.1\r\nsyslog host 192.168.1.100\r\nsyslog info on\r\nsyslog notice on\r\n<\/code><\/pre>\nElasticsearch\u914d\u7f6e<\/h2>\n
\u636e\u8bf4Elasticsearch\u4f1a\u81ea\u52a8\u8fdb\u884c\u5b57\u7b26\u4e32\u7684\u5143\u7d20\u89e3\u6790\uff0c\u5728\u4f7f\u7528Kibana\u8fdb\u884c\u53ef\u89c6\u5316\u65f6\uff0c\u6709\u4eba\u8bf4\u201c\u4e0d\u5c06\u5176\u8bbe\u4e3a\u672a\u5206\u6790\uff08not analyzed\uff09\u4f1a\u5f71\u54cd\u6027\u80fd\u201d\uff0c\u6240\u4ee5\u8981\u51c6\u5907\u4e00\u4e9b\u672a\u5206\u6790\u7684\u5b57\u6bb5\u3002\u53e6\u5916\uff0c\u5c06\u5730\u7406\u4fe1\u606f\u653e\u5165\u5b57\u6bb5\uff08geo_location\uff09\u7684\u7c7b\u578b\u8bbe\u4e3ageo_point\u3002<\/p>\n
$ curl -XPUT 192.168.1.100:9200\/rtx1100-*\/ -d \"`cat elasticsearch_default_template.json`\"\r\n\r\n# lasticsearch_default_template.json\r\n{\r\n \"template\": \"rtx1100-*\",\r\n \"mappings\": {\r\n \"_default_\": {\r\n \"dynamic_templates\": [\r\n {\r\n \"string_template\" : {\r\n \"match\" : \"*\",\r\n \"mapping\": {\r\n \"type\": \"string\",\r\n \"fields\": {\r\n \"full\": {\r\n \"type\": \"string\",\r\n \"index\": \"not_analyzed\"\r\n }\r\n }\r\n },\r\n \"match_mapping_type\": \"string\"\r\n }\r\n }\r\n ],\r\n \"properties\": {\r\n \"@timestamp\": { \"type\": \"date\", \"index\": \"not_analyzed\" },\r\n \"geo_location\": {\"type\" : \"geo_point\" }\r\n }\r\n }\r\n }\r\n}\r\n\r\n<\/code><\/pre>\n\u9009\u62e9\u4e00\u79cd\u65b9\u6cd5\u5c06\u4ee5\u4e0b\u53e5\u5b50\u4ee5\u4e2d\u56fd\u8bed\u8a00\u4e2d\u672c\u5730\u5316\u7684\u65b9\u5f0f\u8fdb\u884c\u6539\u5199\uff1a<\/h2>\n
\u914d\u7f6eFluid\u6a21\u5757<\/p>\n
\u5b89\u88c5 fluentd \u63d2\u4ef6\u3002<\/h3>\n
\u4f7f\u7528\u4e0b\u9762\u7684\u63d2\u4ef6\u3002<\/p>\n
fluent\/fluent-plugin-rewrite-tag-filter<\/p>\n
record\u5185\u306efield\u3092\u7528\u3044\u3066tag\u3092\u66f8\u304d\u63db\u3048\u3089\u308c\u305f\u308a\u3067\u304d\u308b\u30d5\u30a3\u30eb\u30bf\u30fc<\/p>\n
uken\/fluent-plugin-elasticsearch<\/p>\n
fluentd\u304b\u3089elasticsearch\u306b\u6d41\u3057\u3053\u3081\u308b<\/p>\n
y-ken\/fluent-plugin-geoip<\/p>\n
IP\u304b\u3089\u5730\u7406\u60c5\u5831\u3092\u53d6\u5f97\u3067\u304d\u308b\u3059\u3054\u3044\u3084\u3064<\/p>\n
repeatedly\/fluent-plugin-multi-format-parser<\/p>\n
\u8907\u6570\u306e\u30d1\u30fc\u30b5\u30fc\u3092\u9806\u756a\u306b\u8a66\u3057\u3066\u304f\u308c\u308b\u30d1\u30fc\u30b5\u30fc<\/p>\n
\u901a\u5e38\u3060\u3068\u30d1\u30fc\u30b5\u30fc\u306f\u4e00\u3064\u3057\u304b\u6307\u5b9a\u3067\u304d\u306a\u3044<\/p>\n
tagomoris\/fluent-plugin-parser<\/p>\n
\u3058\u3083\u306a\u304f\u3066\u306e\u4e2d\u3067\u30d1\u30fc\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u3084\u3064<\/p>\n
hiraro\/fluent-plugin-with-extra-fields-parser<\/p>\n
\u30d1\u30fc\u30b9\u3057\u305f\u5185\u5bb9\u3068\u306f\u5225\u306b\u3001\u6307\u5b9a\u3057\u305f\u4f59\u8a08\u306a\u30d5\u30a3\u30fc\u30eb\u30c9\u3092record\u306b\u3076\u3063\u8fbc\u3081\u308b\u3088\u3046\u306b\u3059\u308b\u30d1\u30fc\u30b5\u30fc
\n\u3044\u3044\u611f\u3058\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u306a\u3044\u3063\u307d\u3044\u306e\u3067\u4f5c\u3063\u305f<\/p>\n\u6d41\u7545d\u7684\u8bbe\u5b9a\u6587\u4ef6<\/h3>\n
- \n
- \n
- RTX1100\u304b\u3089\u6d41\u308c\u3066\u304d\u305fsyslog\u3092\u6b63\u898f\u8868\u73fe\u3067\u30de\u30c3\u30c1\u3055\u305b\u3066\u5206\u89e3<\/ul>\n<\/li>\n<\/ul>\n
\u30de\u30c3\u30c1\u3057\u306a\u304b\u3063\u305f\u305d\u308c\u4ee5\u5916\u306e\u5f62\u5f0f\u306e\u30ed\u30b0\u306f\u3001\u5206\u89e3\u3057\u306a\u3044<\/p>\n
\u30ed\u30b0\u306e\u7a2e\u985e\u3054\u3068\u306b(elasticsearch\u306e)index\u3092\u5206\u3051\u3066\u683c\u7d0d<\/p>\n
# \u52d5\u7684\u30d5\u30a3\u30eb\u30bf => index: rtx1100-inspect\r\n- [INSPECT] PP[01][out][105] TCP xxx.xxx.xxx.xxx:xxxxx > yyy.yyy.yyy.yyy:yyyyy (yyyy\/MM\/dd hh:mm:ss)\r\n\r\n# \u30d5\u30a3\u30eb\u30bf\u30ea\u30b8\u30a7\u30af\u30c8 => index: rtx1100-reject\r\n# \u30ea\u30b8\u30a7\u30af\u30c8\u7cfb\u3060\u3051\u306ffluent-plugin-geoip\u3067\u767a\u4fe1\u6e90\u306e\u5730\u7406\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\r\n- PP[01] Rejected at IN(xxxx) filter: TCP xxx.xxx.xxx.xxx:xxxxx > yyy.yyy.yyy.yyy:yyyyy\r\n\r\n# \u30b3\u30f3\u30bd\u30fc\u30eb\u30ed\u30b0\u30a4\u30f3\/\u30ed\u30b0\u30a2\u30a6\u30c8 => index: rtx1100-console\r\n- Login succeeded for TELNET: xxx.xxx.xxx.xxx\r\n- Logout from TELNET: xxx.xxx.xxx.xxx\r\n\r\n# VPN\u63a5\u7d9a\/\u5207\u65ad => index: rtx1100-tunnel\r\n- [L2TP] TUNNEL[1] connected from xxx.xxx.xxx.xxx\r\n- [L2TP] TUNNEL[1] disconnect tunnel xxxxx complete\r\n\r\n# \u305d\u306e\u4ed6 => rtx1100-other\r\n<\/code><\/pre>\n# \/etc\/td-agent\/td-agent.conf\r\n\r\n####\r\n## Source descriptions:\r\n##\r\n\r\n## syslog\r\n<source>\r\n type syslog\r\n tag raw.rtx1100\r\n format none\r\n<\/source>\r\n\r\n####\r\n## Output descriptions:\r\n##\r\n\r\n<match raw.rtx1100.**>\r\n type parser\r\n format multi_format\r\n key_name message\r\n remove_prefix raw\r\n add_prefix parsed\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[INSPECT\\]\\s+(?<target>.+)\\[(?<direction>.+)\\]\\[(?<filter_num>\\d+)\\]\\s+(?<proto>.+)\\s+(?<src_ip>.+):(?<src_port>.+)\\s+>\\s+(?<dest_ip>.+):(?<dest_port>.+)\\s+\\((?<time>.+)\\)$\/\r\n time_format '%Y\/%m\/%d %H:%M:%S'\r\n extra_fields { \"log_type\": \"inspect\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^(?<target>.+)\\s+Rejected\\s+at\\s+(?<direction>.+)\\((?<filter_num>\\d+)\\)\\s+filter:\\s+(?<proto>.+)\\s+(?<src_ip>.+):(?<src_port>.+)\\s+>\\s+(?<dest_ip>.+):(?<dest_port>.+)$\/ \r\n extra_fields { \"log_type\": \"reject\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^Logout\\s+from\\s+(?<proto>.+):\\s+(?<ip>.+)$\/\r\n extra_fields { \"log_type\": \"console_logout\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^Login\\s+succeeded\\s+for\\s+(?<proto>.+):\\s+(?<ip>.+)$\/ \r\n extra_fields { \"log_type\": \"console_login\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[(?<proto>.+)\\]\\s+(?<tunnel>.+)\\s+connected\\s+from\\s+(?<src_ip>.+)$\/ \r\n extra_fields { \"log_type\": \"tunnel_connect\" }\r\n <\/pattern>\r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^\\[(?<proto>.+)\\]\\s+(?<tunnel>.+)\\s+disconnect\\s+tunnel\\s+\\d+\\s+complete$\/ \r\n extra_fields { \"log_type\": \"tunnel_disconnect\" }\r\n <\/pattern> \r\n <pattern>\r\n format with_extra_fields\r\n base_format \/^(?<msg>.+)$\/\r\n extra_fields { \"log_type\": \"other\" }\r\n <\/pattern> \r\n<\/match>\r\n\r\n<match parsed.rtx1100.**>\r\n type rewrite_tag_filter\r\n rewriterule1 log_type ^inspect$ rtx1100.inspect\r\n rewriterule2 log_type ^reject$ temp.rtx1100.reject\r\n rewriterule3 log_type ^console_(.+)$ rtx1100.console.$1\r\n rewriterule4 log_type ^tunnel_(.+)$ rtx1100.tunnel.$1\r\n rewriterule5 log_type ^other$ rtx1100.other\r\n<\/match>\r\n\r\n<match rtx1100.inspect.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-inspect\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match temp.rtx1100.reject.**>\r\n type geoip\r\n geoip_lookup_key src_ip\r\n <record>\r\n geo_location '{ \"lat\" : ${latitude[\"src_ip\"]}, \"lon\" : ${longitude[\"src_ip\"]} }'\r\n country_code ${country_code[\"src_ip\"]}\r\n <\/record>\r\n remove_tag_prefix temp.\r\n skip_adding_null_record true\r\n flush_interval 1s\r\n<\/match>\r\n<match rtx1100.reject.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-reject\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.console.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-console\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.tunnel.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-tunnel\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<match rtx1100.other.**>\r\n type elasticsearch\r\n logstash_format true\r\n logstash_prefix rtx1100-other\r\n include_tag_key true\r\n tag_key @log_name\r\n hosts localhost:9200\r\n buffer_type memory\r\n num_threads 1\r\n flush_interval 60\r\n retry_wait 1.0\r\n retry_limit 17\r\n<\/match>\r\n\r\n<\/code><\/pre>\n\u53c2\u8003\u8d44\u6599\u3001\u5f15\u6587\u3001\u53c2\u8003\u6587\u732e<\/h1>\n
- \n
- \n
- \u4eca\u65e5\u304b\u3089\u59cb\u3081\u308bfluentd \u00d7 Elasticsearch \u00d7 kibana – \u30ab\u30b8\u30e5\u30a2\u30eb\u306a\u89e3\u6790\u30fb\u9ad8\u901f\u5316 – \u682a\u5f0f\u4f1a\u793e\u30a8\u30a6\u30ec\u30ab<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Fluentd\u3001ElasticSearch\u3001Kibana4\u306b\u3088\u308b\u30ed\u30b0\u5206\u6790\u74b0\u5883\u306e\u69cb\u7bc9 | hrendoh’s memo<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Kibana+Elasticsearch\u3067\u6587\u5b57\u5217\u306e\u5b8c\u5168\u4e00\u81f4\u3068\u90e8\u5206\u4e00\u81f4\u691c\u7d22\u306e\u4e21\u65b9\u3092\u5b9f\u73fe\u3059\u308b – Qiita<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- \u30d7\u30ed\u30c0\u30af\u30b7\u30e7\u30f3\u74b0\u5883\u3067Elasticsearch+kibana(fluentd)\u3067\u30ed\u30b0\u53ef\u8996\u5316\u904b\u7528\u3092\u3057\u3066\u307f\u3066\u308f\u304b\u3063\u305f\u4e8b – shnagai\u306e\u30a4\u30f3\u30d5\u30e9\u5099\u5fd8\u9332<\/ul>\n","protected":false},"excerpt":{"rendered":"
\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-41327","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\" \/>\n<meta property=\"og:description\" content=\"\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-18T10:54:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-28T16:59:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/2-0.png\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\",\"name\":\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-03-18T10:54:01+00:00\",\"dateModified\":\"2024-04-28T16:59:14+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, \u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316","og_description":"\u7b80\u8ff0 \u6211\u8bd5\u7740\u4f7f\u7528 fluentd + elasticsearch + kibana \u5c06\u8def\u7531\u5668\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u5668\u4e2d\u88ab […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluentd-elasticsearch-kibana\u6765\u5bf9yamaha-rtx1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-03-18T10:54:01+00:00","article_modified_time":"2024-04-28T16:59:14+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d461837434c4406ca440b\/2-0.png"}],"author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/","name":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-03-18T10:54:01+00:00","dateModified":"2024-04-28T16:59:14+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Fluentd + Elasticsearch + Kibana\u6765\u5bf9YAMAHA RTX1100\u7684syslog\u8fdb\u884c\u7c7b\u4f3c\u7684\u53ef\u89c6\u5316"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, \u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluentd-elasticsearch-kibana%e6%9d%a5%e5%af%b9yamaha-rtx1100%e7%9a%84syslog%e8%bf%9b%e8%a1%8c%e7%b1%bb%e4%bc%bc%e7%9a%84%e5%8f%af%e8%a7%86%e5%8c%96%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=41327"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327\/revisions"}],"predecessor-version":[{"id":70060,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41327\/revisions\/70060"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=41327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=41327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=41327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
- \n
- \n
<\/p>\n
- \n
- \n
OS: Ubuntu 14.04.3 LTS Trusty
\nIP: 192.168.1.100
\nkibana, fluentd, elasticsearch\u3092\u52d5\u304b\u3059
\nLAN\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306e\u307f\u60f3\u5b9a\u6545\u3001\u30b5\u30fc\u30d0\u306eFW\u306f\u30ac\u30e9\u7a7a\u304d<\/p>\n\u5b89\u88c5\u8f6f\u4ef6\u5305<\/h2>\n
\u516c\u5f0f\u7684\u6b65\u9aa4\u53ef\u4ee5\u4f5c\u4e3a\u53c2\u8003\u3002<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n