• logstash收集Tomcat日志


    web服务器安装jdk,安装Tomcat还有logstash

    安装jdk

    [root@es-web1 ~]# apt install openjdk-8-jdk -y
    

    dpkg安装logstash(需要改启动文件的以root启动)

    [root@es-web1 src]# dpkg -i logstash-7.12.1-amd64.deb
    

    创建目录

    [root@es-web1 ~]# mkdir /apps
    

    解压

    [root@es-web1 apps]# tar xf apache-tomcat-8.5.54.tar.gz
    

    制作软链接

    [root@es-web1 apps]# ln -sv /apps/apache-tomcat-8.5.54 /apps/tomcat
    
    '/apps/tomcat' -> '/apps/apache-tomcat-8.5.54'
    

    创建目录

    [root@es-web1 webapps]# pwd
    /apps/tomcat/webapps
    
    [root@es-web1 webapps]# mkdir myapp
    

    添加数据

    [root@es-web1 webapps]# vim myapp/index.jsp
    
    myapp for 172.31.2.107
    

    启动

    [root@es-web1 tomcat]# ./bin/catalina.sh start
    

    测试:
    http://172.31.2.107:8080/myapp/

    改Tomcat 配置

    [root@es-web1 tomcat]# vim conf/server.xml
    
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="tomcat_access_log" suffix=".log"               
                   pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;metod&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>
    

    停止

    [root@es-web1 tomcat]# ./bin/catalina.sh stop
    

    启动

    [root@es-web1 tomcat]# ./bin/catalina.sh start
    

    查看日志

    [root@es-web1 tomcat]# tail -f logs/tomcat_access_log.2021-08-25.log
    

    在原来的基础上写logstash配置

    root@long:/usr/local/src# vim /etc/logstash/conf.d/system-log-es.conf
    
    input {                                                     
       file {
         path => "/var/log/bootstrap.log"
         start_position => "beginning"
         stat_interval => 3 
         type => "bootstrap"
       } 
       
       file {
         path => "/apps/tomcat/logs/tomcat_access_log.*.log"
         start_position => "beginning"
         stat_interval => 3 
         type => "tomcat-accesslog"
       }
    }
    
    output {
       
       if [type] == "bootstrap"{
         elasticsearch { 
            hosts => ["172.31.2.101:9200"]
            index => "long-bootstrap-log-%{+YYYY.MM.dd}"
       }}
    
       if [type] == "tomcat-accesslog"{
         elasticsearch { 
            hosts => ["172.31.2.101:9200"]
            index => "long-tomcat-accesslog-%{+YYYY.MM.dd}"
            codec => "json"
    
       }}
    }
    

    改权限

    [root@es-web1 conf.d]# chmod 644 /apps/tomcat/logs/tomcat_access_log.*.log
    

    重启

    root@long:/usr/local/src# systemctl restart logstash
    

    添加到kibana

    收集java日志并合并日志

    [root@linux-host1 ~]# vim /etc/logstash/conf.d/java.conf
    
    input {
        file {
          path => "/apps/tomcat/logs/catalina.out"
          type => "javalog"
          start_position => "beginning"
          stat_interval => 3
          codec => multiline {
            pattern => "^["
            negate => true
            what => "previous"
        }}
    }
    output {
        if [type] == "javalog" {
          stdout {
          codec => "rubydebug"
        }
        file {
          path => "/tmp/m.txt"
        }}
    }
    

    检查语法:

    [root@linux-host1 ~]# /usr/share/logstash/bin/logstash -f
    /etc/logstash/conf.d/java.conf -t
    

    将输出改为elasticsearch:

    更改后的内容如下:(注意:后面正则不能使用模糊匹配,不然会一直匹配下去)

    [root@es-web1 ~]# cat /etc/logstash/conf.d/java-to-es.conf
    input {
      file {
        path => "/apps/tomcat/logs/catalina.out"
        start_position => "beginning"
        stat_interval => 3
        type => "javalog"
        codec => multiline {
          pattern => "^d+-w+-[0-9]{4}"
          negate => true
          what => "previous"
      }}
    }
    
    output {
       if [type] == "javalog" {
         elasticsearch {
            hosts => ["172.31.2.101:9200"]
            index => "long-javalog-%{+YYYY.MM.dd}"
       }}
    }
    

    重启

    root@linux-host1 ~]# systemctl restart logstash
    

    添加到kibana

  • 相关阅读:
    html部分常用内容
    Django media相关配置
    【设计模式】-单例模式
    SharePoint 修改完或制作完一定要发布
    SharePoint 创建模版页
    kindeditor 不能编辑 问题
    1
    SharePoint 第一个网站
    数据结构第一章
    未能加载文件或程序集“MICROSOFT.REPORTVIEWER.WEBFORMS …
  • 原文地址:https://www.cnblogs.com/xuanlv-0413/p/15374792.html
Copyright © 2020-2023  润新知