我正在为我的 Logstash 转发器使用以下配置文件:
{
"network": {
"servers": [ "logstash-server:logstash-door" ],
"ssl ca": "server.crt",
"timeout": 15
},
"files": [
{
"paths": [ "myLogFile.log" ],
"fields": { "type": "myLog" }
}
]
}
它工作正常。但是如果应用程序停止,当我重新启动它时,它会再次将旧日志发送到我的 logstash-server。这是一个大问题,有什么办法可以避免它重新发送旧日志?
logstash-forwarder keeps a "registry" that lists every file that it's monitoring and the current offset into that file. If it's not able to write that file, it will have no idea where to begin when you restart the process.
Check your startup script for where it's writing the registry (named ".logstash-forwarder"). Older versions would write it to the directory where the program was started, and newer versions write to /var/lib/logstash-forwarder.
Running logstash-forwarder in debug mode (-quiet=false) might also give you more information.