1. First, look at the current log output format in the file logs/catalina.out.
The format at the top of the screenshot is not one we are used to reading, so it would be best to get the format shown below instead. That requires a custom log format; here is how to change it.
2. Open conf/logging.properties and modify it as shown.
Add the following to this file:
1catalina.org.apache.juli.AsyncFileHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format = %1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS.%1$tL [%4$s] [%3$s] %2$s %5$s %6$s%n
At the same time, delete this line:
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
3. Save, restart Tomcat, and the friendlier format above appears in the catalina.out file in the logs directory, as in the second box of the first screenshot.
4. Write the Logstash configuration file
input {
  redis {
    host      => "172.16.0.54"
    port      => 6379
    data_type => "list"
    db        => 5
    password  => "123456"
    key       => "tomcat_accessstatus_filter_index"
    codec     => "json"
    add_field => { "[@metadata][mytomcat]" => "tomcat_accessstatus_filter_log" }
  }
}

filter {
  # if [fields][log_topic] == "tomcatlogs_catalina" {
  #   mutate {
  #     add_field => [ "[zabbix_key]", "tomcatlogs_catalina" ]
  #     add_field => [ "[zabbix_host]", "%{[host][name]}" ]
  #   }

  # Split one catalina.out line into timestamp, level, logger name and the
  # rest of the message (source, method and text), matching the SimpleFormatter
  # layout configured in step 2.
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:access_time}\s+\[(?<loglevel>[\s\S]*)\]\s+\[%{DATA:exception_info}\](?<tomcatcontent>[\s\S]*)" }
  }

  # access_time is "2019-03-19 13:08:07.782", which the ISO8601 pattern parses;
  # the result becomes @timestamp (in UTC).
  date {
    match => [ "access_time", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
  }

  # Drop the raw line and the fields that have already been folded into @timestamp.
  mutate {
    remove_field => [ "@version", "message", "access_time" ]
    #remove_field => "[fields][log_topic]"
    #remove_field => "fields"
  }
}

output {
  stdout {}
}
Now feed in some content and you can see the result.
For example, with this input line:
2019-03-19 13:08:07.782 [INFO] [org.apache.coyote.ajp.AjpNioProtocol] org.apache.coyote.AbstractProtocol destroy Destroying ProtocolHandler ["ajp-nio-8009"]
you get the following output:
{
        "@timestamp" => 2019-03-19T05:08:07.782Z,
            "source" => "/usr/local/tomcat/logs/catalina.out",
             "input" => {
        "type" => "log"
    },
              "beat" => {
        "hostname" => "ELK-chaofeng07",
         "version" => "6.5.2",
            "name" => "ELK-chaofeng07"
    },
            "offset" => 27466,
    "exception_info" => "org.apache.coyote.ajp.AjpNioProtocol",
              "host" => {
                   "id" => "95f33c1568b94503946976569d36ad32",
                   "os" => {
              "family" => "redhat",
            "codename" => "Core",
            "platform" => "centos",
             "version" => "7 (Core)"
        },
        "containerized" => true,
                 "name" => "ELK-chaofeng07",
         "architecture" => "x86_64"
    },
          "loglevel" => "INFO",
        "prospector" => {
        "type" => "log"
    },
     "tomcatcontent" => " org.apache.coyote.AbstractProtocol destroy Destroying ProtocolHandler [\"ajp-nio-8009\"] "
}
Here I have only demonstrated Logstash's output; sending it on to an ES cluster is easy to configure and is not covered here.
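As an added example (not code from the original post), the Python script below reproduces both halves of this setup offline: it renders a record the way java.util.logging.SimpleFormatter does with the format string from step 2, then parses it with a Python translation of the grok pattern from step 4 and converts access_time to the UTC @timestamp seen in the output above. The grok translation is simplified (it accepts the same shape of value as TIMESTAMP_ISO8601 and DATA without grok's range checks), the host timezone of UTC+8 is an assumption inferred from the eight-hour gap between 13:08:07.782 and 05:08:07.782Z, and the continuation and bracketed sample lines are constructed here. It also goes one step beyond the post: the post's `[\s\S]*` capture for loglevel is greedy, so a message that itself contains `] [` shifts every captured field; STRICT_PATTERN shows the tightened form that keeps them stable.

```python
import re
from datetime import datetime, timedelta, timezone

# Local zone of the Tomcat host. The post never states it; UTC+8 is an
# assumption inferred from the gap between 13:08:07.782 in the log line and
# the 05:08:07.782Z @timestamp in the post's Logstash output.
LOCAL_TZ = timezone(timedelta(hours=8))

# Simplified Python equivalents of the grok patterns the filter uses. grok's
# TIMESTAMP_ISO8601 is built from YEAR/MONTHNUM/MONTHDAY/HOUR/... sub-patterns;
# this translation accepts the same shape of value without their range checks.
TIMESTAMP_ISO8601 = (
    r"\d{4}-\d{2}-\d{2}[T ]\d{2}:?\d{2}(?::?\d{2}(?:[.,]\d+)?)?"
    r"(?:Z|[+-]\d{2}(?::?\d{2})?)?"
)
DATA = r".*?"

# The post's grok pattern with grok captures rewritten as Python named groups.
PAGE_PATTERN = re.compile(
    rf"(?P<access_time>{TIMESTAMP_ISO8601})\s+\[(?P<loglevel>[\s\S]*)\]\s+"
    rf"\[(?P<exception_info>{DATA})\](?P<tomcatcontent>[\s\S]*)"
)

# Same field layout, but the bracketed captures cannot run past their own
# closing "]", so a message that itself contains "] [" cannot shift the fields.
STRICT_PATTERN = re.compile(
    rf"(?P<access_time>{TIMESTAMP_ISO8601})\s+\[(?P<loglevel>[^\]]*)\]\s+"
    rf"\[(?P<exception_info>[^\]]*)\](?P<tomcatcontent>[\s\S]*)"
)


def simple_format(when, source, logger, level, message, thrown=""):
    """Render one record the way java.util.logging.SimpleFormatter does with
    the post's format string:
      %1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS.%1$tL [%4$s] [%3$s] %2$s %5$s %6$s%n
    Argument indices follow SimpleFormatter: 1=date, 2=source, 3=logger,
    4=level, 5=message, 6=thrown. With no exception %6$s is empty, which is
    why every formatted line ends with a space."""
    stamp = when.strftime("%Y-%m-%d %H:%M:%S") + f".{when.microsecond // 1000:03d}"
    return f"{stamp} [{level}] [{logger}] {source} {message} {thrown}\n"


def parse_catalina_line(line, pattern=PAGE_PATTERN):
    """Apply the grok-equivalent pattern to one catalina.out line and return
    the captured fields, or None where grok would tag the event
    _grokparsefailure (for example a stack-trace continuation line)."""
    m = pattern.search(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def to_utc_timestamp(access_time, tz=LOCAL_TZ):
    """Mimic the date filter: read the local access_time and return the UTC
    @timestamp string that Logstash prints."""
    local = datetime.strptime(access_time, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=tz)
    utc = local.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S") + f".{utc.microsecond // 1000:03d}Z"


# The line quoted in the post.
PAGE_LINE = ('2019-03-19 13:08:07.782 [INFO] [org.apache.coyote.ajp.AjpNioProtocol] '
             'org.apache.coyote.AbstractProtocol destroy Destroying ProtocolHandler ["ajp-nio-8009"]')

# Constructed lines: a stack-trace continuation and a message containing "] [".
CONTINUATION_LINE = "\tat com.example.Foo.bar(Foo.java:42)"
BRACKETED_LINE = ("2019-03-19 13:10:00.000 [WARNING] [org.example.Web] "
                  "org.example.Web handle Rejected [bad] [token]")


def roundtrip_check():
    """Format the post's sample record and parse it back. Returns the parsed
    tomcatcontent, which carries the trailing space visible in the post's output."""
    formatted = simple_format(datetime(2019, 3, 19, 13, 8, 7, 782000),
                              "org.apache.coyote.AbstractProtocol destroy",
                              "org.apache.coyote.ajp.AjpNioProtocol", "INFO",
                              'Destroying ProtocolHandler ["ajp-nio-8009"]')
    assert formatted == PAGE_LINE + " \n"
    return parse_catalina_line(formatted)["tomcatcontent"]


if __name__ == "__main__":
    fields = parse_catalina_line(PAGE_LINE)
    print(fields)
    print("@timestamp:", to_utc_timestamp(fields["access_time"]))
    print("continuation line parses as:", parse_catalina_line(CONTINUATION_LINE))
    print("post pattern, '] [' in message  ->", parse_catalina_line(BRACKETED_LINE)["loglevel"])
    print("strict pattern, '] [' in message ->", parse_catalina_line(BRACKETED_LINE, STRICT_PATTERN)["loglevel"])
```

Lines the pattern rejects return None here; in Logstash the same event is tagged _grokparsefailure, and that tag is worth counting, because a Java stack trace reaches catalina.out as many separate lines unless the shipper joins them into one event first. The round-trip also explains the leading and trailing spaces around tomcatcontent in the output above: the capture starts right after the `]` and the empty `%6$s` leaves a space at the end of every line.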