统一日志检索部署(eslogstashkafkaflume)

Posted sailq21

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了统一日志检索部署(eslogstashkafkaflume)相关的知识,希望对你有一定的参考价值。

flume:用来搜集日志,将日志传输至kakfa

kafka:作为缓存,存储来自flume的日志

es:作为存储媒介,存放日志

logstash:真对日志进行过滤处理

flume部署

获取安装包、解压

1 cd /usr/local/src && wget http://10.80.7.177/install_package/apache-flume-1.7.0-bin.tar.gz  && tar zxf apache-flume-1.7.0-bin.tar.gz -C /usr/local/

修改flumen-env.sh脚本,设置启动参数

1 cd /usr/local/apache-flume-1.7.0-bin 
2 vim conf/flume-env.sh
1 export JAVA_HOME=/usr/java/jdk1.8.0_121/
2 export JAVA_OPTS="-Xms1000m -Xmx2000m -Dcom.sun.management.jmxremote" //设置启动jvm使用的内存大小

编辑配置文件

1 vim conf/flume_kfk.conf    (备注:该配置文件名字随便起)
 1 agent.sources = s1
 2 agent.channels = c1
 3 agent.sinks = k1
 4 
 5 agent.sources.s1.type=exec
 6 
 7 #要搜集的日志文件据对路径
 8 agent.sources.s1.command=tail -F /root/test.log
 9 agent.sources.s1.channels=c1
10 agent.channels.c1.type=memory
11 agent.channels.c1.capacity=10000
12 agent.channels.c1.transactionCapacity=100
13 #设置Kafka接收器
14 agent.sinks.k1.type= org.apache.flume.sink.kafka.KafkaSink
15 #设置Kafka的broker地址和端口号
16 agent.sinks.k1.brokerList=10.90.11.19:19092,10.90.11.32:19092,10.90.11.45:19092,10.90.11.47:19092,10.90.11.48:19092
17 #设置Kafka的Topic
18 agent.sinks.k1.topic=kafkatest
19 #设置序列化方式
20 agent.sinks.k1.serializer.class=kafka.serializer.StringEncoder
21 agent.sinks.k1.channel=c1

创建kafka的topic

1 cd /data1/kafka/kafka_2.11-0.10.1.0/ && ./kafka-topics.sh --create --topic kafkatest --replication-factor 3 --partitions 20 --zookeeper 10.90.11.19:12181

启动flume

1 /usr/local/apache-flume-1.7.0-bin/bin/flume-ng agent -n agent -Dflume.monitoring.type=http -Dflume.monitoring.port=9876 -c conf -f /usr/local/apache-flume-1.7.0-bin/conf/flume_launcherclick.conf -Dflume.root.logger=ERROR,console -Dorg.apache.flume.log.printconfig=true

测试

1 测试:向/root/test.log文件追加日志。登录kakfa manager上查看kafkatest 的topic中是否有消息。如果有的话,说明没有问题,如果没有,请检查。

部署supervisor监控flume

supervisor部署再次不多加赘述,详见:https://www.cnblogs.com/sailq21/p/9227592.html

编辑/etc/supervisord.conf

[unix_http_server]
file=/data/ifengsite/flume/supervisor.sock   ; the path to the socket file
[inet_http_server]         ; inet (TCP) server disabled by default
port=9001        ; ip_address:port specifier, *:port for all iface
[supervisord]
logfile=/data/logs/supervisord.log ; main log file; default $CWD/supervisord.log
logfile_maxbytes=50MB        ; max main logfile bytes b4 rotation; default 50MB
logfile_backups=10           ; # of main logfile backups; 0 means none, default 10
loglevel=info                ; log level; default info; others: debug,warn,trace
pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid
nodaemon=false               ; start in foreground if true; default false
minfds=1024                  ; min. avail startup file descriptors; default 1024
minprocs=200                 ; min. avail process descriptors;default 200
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///data/ifengsite/flume/supervisor.sock ; use a unix:// URL  for a unix socket
[include]
files = /etc/supervisord.d/*.conf

编辑flume启动文件

 1 [program:flume-push]
 2 directory = /usr/local/apache-flume-1.7.0-bin/
 3 command = /usr/local/apache-flume-1.7.0-bin/bin/flume-ng agent -n agent -Dflume.monitoring.type=http -Dflume.monitoring.port=9876 -c conf -f /usr/local/apache-flume-1.7.0-bin/conf/push.conf -Dflume.root.logger=ERROR,console -Dorg.apache.flume.log.printconfig=true
 4 autostart = true
 5 startsecs = 5
 6 autorestart = true
 7 startretries = 3
 8 user = root
 9 redirect_stderr = true
10 stdout_logfile_maxbytes = 20MB
11 stdout_logfile_backups = 20
12 stdout_logfile = /data/ifengsite/flume/logs/flume-supervisor.log

创建目录、并启动supervisor

1 mkdir -p /data/ifengsite/flume/logs/
2 supervisord -c /etc/supervisord.conf
3 重启supervisor:supervisorctl reload

测试:登录ip:9001查看supervisor

如果flume到kafka没有问题,接下来配置logstash

编辑flume_kfk.conf

1 vim /etc/logstash/conf.d/flume_kfk.conf
 1 input{
 2     kafka {
 3         bootstrap_servers => ["10.90.11.19:19092,10.90.11.32:19092,10.90.11.45:19092,10.90.11.47:19092,10.90.11.48:19092"]
 4         client_id => "test"
 5         group_id => "test"
 6         consumer_threads => 5
 7         decorate_events => true
 8         topics => "kafkatest"
 9         type => "testqh"
10     }
11 }
12 filter {
13     mutate {
14         gsub => ["message","\\x","\\x"]
15     }
16     json {
17         source => "message"
18         remove_field => ["message","beat","tags","source","kafka"]
19     }
20     date {
21         match => ["timestamp","ISO8601"]
22         timezone => "Asia/Shanghai"
23         target => "@timestamp"
24     }
25 
26 }
27 
28 #输出到标准输出用于debug,需要输出到es的时候,可配置为es接收。
29 output{
30     stdout{
31         codec => rubydebug
32     }
33 }

 

以上是关于统一日志检索部署(eslogstashkafkaflume)的主要内容,如果未能解决你的问题,请参考以下文章

统一日志ELK部署配置——kibana

统一日志ELK部署配置——kafka

ELK日志分析平台环境部署 (yum安装)

从 iOS 设备获取统一系统日志

ELK日志收集平台部署

ELK日志收集平台部署