一 配置tomcat日志为json格式
#注释原有日志
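<!-- Access log processes all example.
     Documentation at: /docs/config/valve.html
     Note: The pattern used is equivalent to using pattern="common" -->
<!-- Original plain-text access log, disabled in favour of the JSON valve below.
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="localhost_access_log." suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
-->
<!-- JSON access log: one object per request, written to
     logs/tomcat_access_log<date>.log.

     Double quotes inside an XML attribute value must be written as &quot;
     a literal " ends the attribute and server.xml is no longer well-formed.

     %r, %q, %{Referer}i and %{User-Agent}i are supplied by the client. Each
     line stays valid JSON only if the valve escapes quotes, backslashes and
     control characters in those values. Confirm this for the Tomcat release
     in use (see /docs/config/valve.html), or use the dedicated
     JsonAccessLogValve where the release provides it.

     Query strings and Referer values can carry session tokens or other
     secrets, so keep the logs directory readable only by the Tomcat account
     and the log shipper.

     Note that the "method" key receives the whole request line (%r),
     e.g. "GET / HTTP/1.1", not only the HTTP method. -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="tomcat_access_log" suffix=".log"
       pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>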
# NOTE(review): the prompt shows a root shell, so Tomcat started here presumably
# runs as root unless the install switches users (confirm). A dedicated
# unprivileged account limits what a compromised web application can reach.
[root@Docker ~]# /apps/tomcat/bin/startup.sh
# The valve puts the date between prefix and suffix: tomcat_access_log + 2018-08-06 + .log
[root@Docker ~]# cat /apps/tomcat/logs/tomcat_access_log2018-08-06.log
{"clientip":"192.168.10.81","ClientUser":"-","authenticated":"-","AccessTime":"[06/Aug/2018:14:41:22 +0800]","method":"GET / HTTP/1.1","status":"200","SendBytes":"11418","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4094.1 Safari/537.36"}
二 编写logstash配置文件
# Pipeline files can end up holding output credentials; keep this file readable
# only by root and the account Logstash runs as.
[root@Docker ~]# cat /etc/logstash/conf.d/tomcat.conf
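input {
  # Tail the JSON access logs written by the Tomcat AccessLogValve.
  # The account Logstash runs as needs read access to these files.
  file {
    # Glob matches the dated files, e.g. tomcat_access_log2018-08-06.log.
    path => "/apps/tomcat/logs/tomcat_access_log*.log"
    # Decode each line as JSON so clientip, status, AgentVersion, ... become
    # event fields instead of one opaque "message" string. A line that is not
    # valid JSON (for example, a request value that broke the quoting) is kept
    # as raw text and tagged _jsonparsefailure; alerting on that tag surfaces
    # both formatting bugs and malformed or hostile requests.
    codec => "json"
    type => "tomcat-access-log-ceshi"
    # Read a file from its first line the first time it is seen; files already
    # tracked resume from the recorded position.
    start_position => "beginning"
    # Seconds between checks for new data in the watched files.
    stat_interval => "2"
  }
}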
output {
# Every event is sent to Elasticsearch; there is no conditional on type or tags.
elasticsearch {
# NOTE(review): no scheme, credentials or TLS settings are given, so as written
# this presumably sends events over plain HTTP without authentication (confirm).
# The events contain client IPs, query strings and Referer values. On anything
# but an isolated lab network, enable security on the cluster, set `user` and
# `password` for a write-only role, and turn on the plugin's TLS options (their
# names differ between plugin versions). Port 9200 should not be reachable from
# untrusted networks.
hosts => ["192.168.10.10:9200"]
# %{+YYYY.MM.dd} is filled from the event timestamp, giving one index per day.
index => "logstash-tomcat-access-log-ceshi-%{+YYYY.MM.dd}"
}
}
三 检查