• ELK之Kibana部署、收集系统日志、一个文件收集多个日志


    1.安装及配置Kibana

    cd /usr/local/src
    yum -y install kibana-5.4.0-x86_64.rpm
    grep "^[a-Z]" /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "10.0.0.22"
    elasticsearch.url: "http://10.0.0.22:9200"
    
    systemctl enable kibana
    systemctl start kibana
    # 浏览器访问10.0.0.22:5601,通过http://10.0.0.22:5601/status来查看是否正常
    

    2.通过配置logstash文件收集message日志

    在Kibana上展示上一节收集的日志信息,添加索引

    使用logstash配置文件收集messages日志

    vim /etc/logstash/conf.d/system.conf
    input {
      file {
        path => "/var/log/messages"
        type => "systemlog"
        start_position => "beginning"
        stat_interval => "2"
      }
    }
    
    output {
      elasticsearch {
        hosts => ["10.0.0.22:9200"]
        index => "logstash-systemlog-%{+YYYY.MM.dd}"
      }
    }
    path => "/var/log/messages":要收集的文件路径
    start_position => "beginning":从什么位置开始读取文件数据,默认是结束位置,会以类似 tail -F 的形式运行.
    如果你是要导入原有数据,把这个设定改成"beginning",logstash 进程就从头开始读取,类似 less +F 的形式运行.
    stat_interval => "2":每隔多久检查一次
    /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/system.conf -t # 检测配置文件是否有语法错误
    ll /var/log/messages  # logstash是普通用户,想要对系统日志有读权限,就得改文件权限
    chmod 644 /var/log/messages 
    systemctl restart logstash
    

    在管理界面查看是否有相应的索引

    添加到Kibana中展示,创建索引

    3.使用一个配置文件收集多个日志(这个配置文件是后来改过的)

    cat /etc/logstash/conf.d/colectTwo.conf
    input {
      file {
            path => "/var/log/nginx/access.log"
            type => "nginx-access"
            start_position => "beginning"
            stat_interval => "2"
      }
      file {
            path => "/var/log/nginx/error.log"
            type => "nginx-error"
            start_position => "beginning"
            stat_interval => "2"
      }
      file {
            path => "/var/log/mysql.log"
            type => "mysql-log"
            start_position => "beginning"
            stat_interval => "2"
      }
    }
    
    output {
      if [type] == "nginx-access" {
      elasticsearch {
            hosts => ["10.0.0.22:9200"]
            index => "logstash-nginx-access-%{+YYYY.MM.dd}"
      }
    }
      
      if [type] == "nginx-error" {
      elasticsearch {
            hosts => ["10.0.0.22:9200"]
            index => "logstash-nginx-error-%{+YYYY.MM.dd}"
      }
    }
      if [type] == "mysql-log" {
      elasticsearch {
            hosts => ["10.0.0.22:9200"]
            index => "logstash-mysql-log-%{+YYYY.MM.dd}"
      }
    }
    }
    配置文件检测语法是否正常:
    /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/colectTwo.conf -t
    systemctl restart logstash
    echo qweqweqweasdqwedqwe > /var/log/mysql.log
    chmod 666 /var/log/mysql.log
    usermod -G adm logstash
    

    通过head插件查看

    Kibana创建索引[logstash-nginx-access-]YYYY.MM.DD:

    Kibana部署及message日志收集:http://blog.51cto.com/jinlong/2055042

  • 相关阅读:
    Hibernate配置文件详解
    Struts工作原理、流程
    java三大框架原理
    JAVA三大框架的各自作用
    tomcat的种种
    jdk及tomcat的配置
    java-io-file
    JAVA-IO-文件过滤
    SPSS-单因素方差分析(ANOVA) 案例解析(转)
    SPSS-比较均值-独立样本T检验 案例解析(转)
  • 原文地址:https://www.cnblogs.com/fawaikuangtu123/p/7910787.html
Copyright © 2020-2023  润新知