ELK Learning Lab 016: Collecting Tomcat logs with Filebeat
Posted 战五渣
Collecting Tomcat logs with Filebeat
1 Install Tomcat
[root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc
[root@node4 ~]# systemctl start tomcat
[root@node4 ~]# systemctl status tomcat
[root@node4 ~]# netstat -ntlp|grep 8080
2 Generate log entries by visiting the site
Visit http://192.168.132.134:8080/
Click around the page to generate log entries.
[root@node4 ~]# tail -f /var/log/tomcat/localhost_access_log.2020-01-19.txt
3 Convert the log format
Convert the Tomcat access log to JSON format.
[root@node4 ~]# vim /etc/tomcat/server.xml
Original format
Modified:
<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true">

  <!-- SingleSignOn valve, share authentication between web applications
       Documentation at: /docs/config/valve.html -->
  <!--
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  -->

  <!-- Access log processes all example.
       Documentation at: /docs/config/valve.html
       Note: The pattern used is equivalent to using pattern="common" -->
  <!-- The double quotes inside the pattern attribute must be written as &quot;
       so that server.xml remains well-formed XML. -->
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log." suffix=".txt"
         pattern="{&quot;client&quot;:&quot;%h&quot;, &quot;client user&quot;:&quot;%l&quot;, &quot;authenticated&quot;:&quot;%u&quot;, &quot;access time&quot;:&quot;%t&quot;, &quot;method&quot;:&quot;%r&quot;, &quot;status&quot;:&quot;%s&quot;, &quot;send bytes&quot;:&quot;%b&quot;, &quot;Query?string&quot;:&quot;%q&quot;, &quot;partner&quot;:&quot;%{Referer}i&quot;, &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>
</Host>
Clear the existing log, then restart Tomcat
[root@node4 ~]# > /var/log/tomcat/localhost_access_log.2020-01-19.txt
[root@node4 ~]# systemctl restart tomcat
4 Check the log
[root@node4 ~]# tail -f /var/log/tomcat/localhost_access_log.2020-01-19.txt|jq .
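jq only shows whether each line parses. The following added example (not part of the original post) checks every line against the key set of the valve pattern above and reports lines that a JSON consumer such as Filebeat cannot decode or would decode ambiguously. It assumes that a hand-built JSON pattern can emit a request header containing a double quote unescaped; the function names and sample lines are constructed for illustration.

```python
import json
from datetime import datetime

# Keys defined by the AccessLogValve pattern in server.xml on this page.
EXPECTED = {"client", "client user", "authenticated", "access time", "method",
            "status", "send bytes", "Query?string", "partner", "Agent version"}

def _reject_duplicates(pairs):
    """json.loads keeps the last duplicate silently; treat it as an error."""
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in object")
    return dict(pairs)

def check_line(line):
    """Return (True, normalized_event) or (False, reason) for one log line."""
    try:
        event = json.loads(line, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return False, f"not usable JSON: {exc}"
    if (not isinstance(event, dict) or set(event) != EXPECTED
            or not all(isinstance(v, str) for v in event.values())):
        return False, "keys or value types differ from the valve pattern"
    try:  # %t is written as [dd/Mon/yyyy:HH:mm:ss +zzzz]
        ts = datetime.strptime(event["access time"], "[%d/%b/%Y:%H:%M:%S %z]")
    except ValueError:
        return False, "unparseable access time"
    parts = event["method"].split(" ")  # %r is the full request line
    if len(parts) != 3:
        return False, "request line is not 'VERB PATH PROTOCOL'"
    return True, {"ts": ts.isoformat(), "verb": parts[0], "path": parts[1],
                  "status": event["status"], "client": event["client"]}

def audit(lines):
    """Return [(line_number, reason)] for every line that fails check_line."""
    results = ((n, check_line(l)) for n, l in enumerate(lines, 1))
    return [(n, detail) for n, (ok, detail) in results if not ok]

# Constructed sample lines, modelled on the event shown on this page.
GOOD = json.dumps({
    "client": "192.168.132.1", "client user": "-", "authenticated": "-",
    "access time": "[19/Jan/2020:04:35:49 -0500]",
    "method": "GET /docs/changelog.html HTTP/1.1", "status": "200",
    "send bytes": "945", "Query?string": "",
    "partner": "http://192.168.132.134:8080/", "Agent version": "Mozilla/5.0"})
BAD_QUOTE = GOOD.replace("Mozilla/5.0", 'demo "agent"')  # quote left unescaped
DUPLICATE = GOOD[:-1] + ', "status": "500"}'             # key appears twice

if __name__ == "__main__":
    for n, reason in audit([GOOD, BAD_QUOTE, DUPLICATE]):
        print(f"line {n}: {reason}")
```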
5 Collect the logs with Filebeat
Configure Filebeat to collect the logs
filebeat.inputs:
#####################################################
## nginx log
#####################################################
# Note: Filebeat's option is spelled json.keys_under_root. With the spelling
# used below, the decoded fields stay under the "json" key, as in the event
# shown in section 6.
- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/access.log
  json.key_under_root: true
  json.overwrite_keys: true
  tags: ["access"]

- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/error.log
  tags: ["error"]

#####################################################
## tomcat log
#####################################################
- type: log
  enabled: true
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt
  json.key_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]

#####################################################
## Output
#####################################################
setup.kibana:
  host: "192.168.132.131:5601"
output.elasticsearch:
  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"
  # Route each event to an index according to its tag.
  indices:
    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "access"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "tomcat"
[root@node4 ~]# systemctl restart filebeat
The configuration is now in place.
6 View the collected logs
Detailed log entry
{
  "_index": "tomcat-access-7.4.2-2020.01.19",
  "_type": "_doc",
  "_id": "HFExvW8BOF7DoSFdom7C",
  "_version": 1,
  "_score": 1,
  "_source": {
    "@timestamp": "2020-01-19T09:45:42.999Z",
    "log": {
      "offset": 412,
      "file": {
        "path": "/var/log/tomcat/localhost_access_log.2020-01-19.txt"
      }
    },
    "json": {
      "access time": "[19/Jan/2020:04:35:49 -0500]",
      "send bytes": "945945",
      "Query?string": "",
      "Agent version": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
      "authenticated": "-",
      "partner": "http://192.168.132.134:8080/",
      "client user": "-",
      "method": "GET /docs/changelog.html HTTP/1.1",
      "client": "192.168.132.1",
      "status": "200"
    },
    "tags": [
      "tomcat"
    ],
    "input": {
      "type": "log"
    },
    "host": {
      "name": "node4"
    },
    "agent": {
      "hostname": "node4",
      "id": "bb3818f9-66e2-4eb2-8f0c-3f35b543e025",
      "version": "7.4.2",
      "type": "filebeat",
      "ephemeral_id": "72970b03-e7a4-4529-b9ec-8134e563d395"
    },
    "ecs": {
      "version": "1.1.0"
    }
  }
}
View in Kibana
Tomcat log collection is complete.