E\u011fer bu isimler i\u00e7in bir dns serverda kayd\u0131m\u0131z yok ise cpanel sunucuda a\u015fa\u011f\u0131daki dosyaya elkstack server\u0131n ip ve hostname ini girelim ki aramak ile vakit kaybetmesin. \/etc\/hosts dosyas\u0131n\u0131 a\u00e7\u0131p a\u015fa\u011f\u0131daki kayd\u0131 girelim , tabi hostname ve ip adresi Sizin yap\u0131n\u0131za g\u00f6re olmal\u0131.<\/p>\n
root@cpanel.ayhanarda.com [~]# nano \/etc\/hosts<\/strong> \u015eimdi centos repo suna logstash forwarder i\u00e7in kay\u0131t ekleyelim.<\/p>\n rpm –import http:\/\/packages.elasticsearch.org\/GPG-KEY-elasticsearch<\/strong><\/p>\n cat >> \/etc\/yum.repos.d\/logstash-forwarder.repo << REPO<\/strong> Art\u0131k logstash-forwarder kurmaya haz\u0131r\u0131z.<\/p>\n yum -y install logstash-forwarder<\/strong><\/p>\n Elkstack serverda olu\u015fturdu\u011fumuz sertifikay\u0131 a\u015fa\u011f\u0131daki dosyan\u0131n i\u00e7ine girip kaydedelim , bu dosya yok ise olu\u015ftural\u0131m.<\/p>\n nano \/etc\/pki\/tls\/certs\/logstash-forwarder.crt<\/strong><\/p>\n —–BEGIN CERTIFICATE—–<\/em> \u015eimdi logstash-forwarder \u0131n conf dosyas\u0131n\u0131 olu\u015ftural\u0131m.<\/p>\n nano \/etc\/logstash-forwarder.conf<\/strong><\/p>\n {<\/em> “files”: [<\/em> Yukar\u0131daki dosyada dikkat ederseniz 4 farkl\u0131 ve \u00f6nemli b\u00f6l\u00fcm\u00fc i\u015faretledim , birincisi loglar\u0131 nereye ve hangi porta iletece\u011fimiz , ikincisi bir \u00f6nceki ad\u0131mda haz\u0131rlad\u0131\u011f\u0131m\u0131z ssl dosyas\u0131n\u0131n yolu , \u00fc\u00e7\u00fcnc\u00fcs\u00fc cpanel sunucudaki hangi loglar\u0131 g\u00f6nderece\u011fimiz , d\u00f6rd\u00fcnc\u00fcs\u00fc ise bu loglar\u0131n \u00e7e\u015fidi.<\/p>\n \u015eimdi logstash forwarder \u0131 ba\u015flatal\u0131m ve ayn\u0131 zamanda sunucunun bir sonraki a\u00e7\u0131l\u0131\u015f\u0131nda otomatik olarak \u00e7al\u0131\u015fmas\u0131n\u0131 sa\u011flayal\u0131m.<\/p>\n service logstash-forwarder restart && chkconfig logstash-forwarder on<\/strong><\/p>\n Conf dosyam\u0131zda 5001<\/strong> nolu porta g\u00f6nderece\u011fimizi belirtmi\u015ftik , o halde cpanel server \u00fczerinde bir firewall kullan\u0131yor isek d\u0131\u015far\u0131ya do\u011fru bu portu aktif etmeliyiz , ben cpanel sunucularda csf kullanmaya \u00f6zen g\u00f6steriyorum , a\u015fa\u011f\u0131daki dosyasy\u0131 a\u00e7\u0131p tcp_out ve udp_out b\u00f6l\u00fcmlerine 5001 nolu portu ekliyorum. Buradaki 5001 portu elkstack server\u0131n\u0131z ile ilgili bir durum , yani orada kullanmay\u0131 se\u00e7ti\u011finiz porttur , Sizin elkstack ya da logstash server da bu farkl\u0131 olabilir.<\/p>\n root@cpanel.ayhanarda.com [\/usr\/local\/apache\/logs]# cat \/etc\/csf\/csf.conf | grep TCP_OUT sonras\u0131nda csf -r<\/strong> komutu ile csf yi restart edelim. E\u011fer csf kullanm\u0131yor iseniz iptables \u00fczerinden direkt olarak ta a\u00e7abilirsiniz.<\/p>\n \u015eimdi e\u011fer elkstack bu portu dinliyor , cpanel de log g\u00f6nderiyor ise bunu a\u015fa\u011f\u0131daki dosyay\u0131 izleyerek g\u00f6rebilirsiniz<\/p>\n tail -f \/var\/log\/logstash-forwarder\/logstash-forwarder.err<\/strong><\/p>\n 2015\/11\/03 06:57:38.745365 Setting trusted CA from file: \/etc\/pki\/tls\/certs\/logstash-forwarder.crt Hepsi bu kadar , iyi \u00e7al\u0131\u015fmalar..<\/p>\n Ayhan ARDA<\/p>\n
\n192.168.1.1 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 elkstack.ayhanarda.com<\/strong><\/p>\n
\n[logstash-forwarder]<\/strong>
\nname=logstash-forwarder repository<\/strong>
\nbaseurl=http:\/\/packages.elasticsearch.org\/logstashforwarder\/centos<\/strong>
\ngpgcheck=1<\/strong>
\ngpgkey=http:\/\/packages.elasticsearch.org\/GPG-KEY-elasticsearch<\/strong>
\nenabled=1<\/strong>
\nREPO<\/strong><\/p>\n
\nMIIDDTCCAfWgAwIBAgIJANcKD2AfHuraMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV<\/em>
\nBAMMEmVsa3N0YWNrLm5hdHJvLmNvbTAeFw0xNTEwMjcxMTI4NTFaFw0yNTEwMjQx<\/em>
\n…<\/em>
\n…<\/em>
\n…<\/em>
\n—–END CERTIFICATE—–<\/em><\/p>\n
\n\u00a0 “network”: {<\/em>
\n“servers”: [ “elkstack.ayhanarda.com:5001<\/strong>” ],<\/em>
\n“timeout”: 15,<\/em>
\n“ssl ca”: “\/etc\/pki\/tls\/certs\/logstash-forwarder.crt<\/strong>“<\/em>
\n\u00a0 },<\/em><\/p>\n
\n{<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 “paths”: [<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 “\/usr\/local\/apache\/domlogs\/*\/*<\/strong>“<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ],<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 “fields”: { “type”: “apache-access<\/strong>” }<\/em>
\n\u00a0\u00a0\u00a0 }<\/em>
\n]<\/em>
\n}<\/em><\/p>\n
\nTCP_OUT = “20,21,25,37,43,53,80,110,113,443,587,993,995,2086,2087,2089,2703,3306,4443,5001<\/strong>,6343,30000:35000,65000:65535″
\nroot@cpanel.ayhanarda.com [\/usr\/local\/apache\/logs]# cat \/etc\/csf\/csf.conf | grep UDP_OUT
\nUDP_OUT = “53,113,123,873,5001<\/strong>,6277,6343″<\/p>\n
\n2015\/11\/03 06:57:38.745939 Connecting to [192.168.1.1]:5001 (elkstack.ayhanarda.com)
\n2015\/11\/03 06:57:38.838187 Connected to 192.168.1.1<\/p>\n
![\"Share](\"https:\/\/static.hupso.com\/share\/buttons\/lang\/tr\/share-medium.png\")
<\/a>