zoukankan      html  css  js  c++  java

  • ELK学习实验016:filebeat收集tomcat日志

    filebeat收集tomcat日志

    1 安装tomcat

    [root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc

    [root@node4 ~]# systemctl start tomcat

    [root@node4 ~]# systemctl status tomcat

    [root@node4 ~]# netstat -ntlp|grep 8080

    2 访问生成日志

    访问http://192.168.132.134:8080/

    点击页面,就可以产生日志

    [root@node4 ~]#  tail  -f /var/log/tomcat/localhost_access_log.2020-01-19.txt 

    3 转换日志格式

    把tomcat日志转换成json格式

    [root@node4 ~]# vim /etc/tomcat/server.xml 

    原格式

    修改:

    <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="{&quot;client&quot;:&quot;%h&quot;,  &quot;client user&quot;:&quot;%l&quot;,   &quot;authenticated&quot;:&quot;%u&quot;,   &quot;access time&quot;:&quot;%t&quot;,     &quot;method&quot;:&quot;%r&quot;,   &quot;status&quot;:&quot;%s&quot;,  &quot;send bytes&quot;:&quot;%b&quot;,  &quot;Query?string&quot;:&quot;%q&quot;,  &quot;partner&quot;:&quot;%{Referer}i&quot;,  &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>
      </Host>

    重启

    [root@node4 ~]# > /var/log/tomcat/localhost_access_log.2020-01-19.txt

    [root@node4 ~]# systemctl restart tomcat

    4 查看日志

    [root@node4 ~]# tail -f /var/log/tomcat/localhost_access_log.2020-01-19.txt|jq .

    5 filebeat收集日志

    配置filebeat收集

    filebeat.inputs:
#####################################################
## Nginx log
#####################################################
- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/access.log
  json.key_under_root: true
  json.overwrite_keys: true
  tags: ["access"]

- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/error.log
  tags: ["error"]


#####################################################
## tomcat  log
#####################################################
- type: log
  enabled: true
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt
  json.key_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]


#####################################################
## Output
#####################################################
setup.kibana:
  host: "192.168.132.131:5601"
output.elasticsearch:
  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "access"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "tomcat"

    [root@node4 ~]# systemctl restart filebeat

    已经配置成功

    6 日志收集查看

    详细日志

    {
"_index": "tomcat-access-7.4.2-2020.01.19",
"_type": "_doc",
"_id": "HFExvW8BOF7DoSFdom7C",
"_version": 1,
"_score": 1,
"_source": {
"@timestamp": "2020-01-19T09:45:42.999Z",
"log": {
"offset": 412,
"file": {
"path": "/var/log/tomcat/localhost_access_log.2020-01-19.txt"
}
},
"json": {
"access time": "[19/Jan/2020:04:35:49 -0500]",
"send bytes": "945945",
"Query?string": "",
"Agent version": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
"authenticated": "-",
"partner": "http://192.168.132.134:8080/",
"client user": "-",
"method": "GET /docs/changelog.html HTTP/1.1",
"client": "192.168.132.1",
"status": "200"
},
"tags": [
"tomcat"
],
"input": {
"type": "log"
},
"host": {
"name": "node4"
},
"agent": {
"hostname": "node4",
"id": "bb3818f9-66e2-4eb2-8f0c-3f35b543e025",
"version": "7.4.2",
"type": "filebeat",
"ephemeral_id": "72970b03-e7a4-4529-b9ec-8134e563d395"
},
"ecs": {
"version": "1.1.0"
}
}
}

    kibana查看

    tomcat日志收集完成
  • 相关阅读:
    主键、外键
    SpringBoot定时任务Scheduled
    启动报DataSource错误
    SpringBoot整合aop
    元数据MetaData(五)
    普通结果集ResultSet和离线结果集RowSet(四)
    Statements、PreparedStatement及CallableStatement(三)
    JDBC数据库连接(二)
    JDBC简介(一)
    【Oracle】常用函数
  • 原文地址:https://www.cnblogs.com/zyxnhr/p/12215042.html
Copyright © 2011-2022 走看看