A script for adding ELK configuration for new servers

Posted david-qing


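Every time a new server goes live, collecting its logs means configuring several components:

  • rsyslog client
  • rsyslog relay server
  • rsyslog server
  • logstash-shipper

Doing this by hand is a lot of work and error-prone, so I wrote a script to deploy the configuration quickly.

The file layout is as follows:

➜  elk_scripts git:(master) ✗ tree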
.
├── README
├── log-make.sh
├── rsyslog-clinet-temp
└── rsyslog-server-temp

Running log-make.sh prompts for the operation to perform: 1 creates the configuration files, 2 transfers them.

[[email protected] elk_scripts]# sh log-make.sh
#####################choose number#################################
What do you want to do?
1.Make ELK configuration!
2.Transfer configuration!
#####################choose number#################################

The contents of each file are as follows.

log-make.sh

#!/bin/bash
# Terminal colors for status messages
RED_COLOR='\E[1;31m'
GREEN_COLOR='\E[1;32m'
YELLOW_COLOR='\E[1;33m'
RES='\E[0m'

# The SSH login and the host addresses are redacted on this page; set them before use
SSH_USER="<ssh-user>"
RELAY_HOST="<rsyslog-relay-server-address>"
SERVER_HOST="<rsyslog-server-address>"
SHIPPER_HOST="<logstash-shipper-address>"

# Per-host syslog tags; BRANCH is the part of the hostname before the first "-"
NGATAG=`hostname`-nginx-access
NGETAG=`hostname`-nginx-error
PHPSLOWTAG=`hostname`-php-slow
PHPERRORTAG=`hostname`-php-error
ACTIONTAG=`hostname`-action
BRANCH=`hostname|awk -F - '{print $1}'`

[ -d ./logfile ] || mkdir ./logfile

# Build ./logfile/rsyslog-client from the client template
rsyslog_client () {
    if [ ! -f /var/log/nginx/access-admin.log ];then
        echo -e "${RED_COLOR}Can not find access-admin log.${RES}"
        exit 1
    fi
    if [ ! -f /var/log/nginx/error-admin.log ];then
        echo -e "${RED_COLOR}Can not find access-admin error log.${RES}"
        exit 2
    fi
    if [ ! -f /var/log/nginx/access-pay.log ];then
        echo -e "${RED_COLOR}Can not find access-pay log.${RES}"
        exit 3
    fi
    if [ ! -f /var/log/nginx/error-pay.log ];then
        echo -e "${RED_COLOR}Can not find error-pay log.${RES}"
        exit 4
    fi
    if [ ! -f /var/log/nginx/access-frontend.log ];then
        echo -e "${RED_COLOR}Can not find access-frontend log.${RES}"
        exit 11
    fi
    if [ ! -f /var/log/nginx/error-frontend.log ];then
        echo -e "${RED_COLOR}Can not find error-frontend log.${RES}"
        exit 12
    fi
    cp rsyslog-clinet-temp ./logfile/rsyslog-client
    sed -i "s#nginxaccesstag#${NGATAG}#g" ./logfile/rsyslog-client
    sed -i "s#nginxerrortag#${NGETAG}#g" ./logfile/rsyslog-client
    sed -i "s#phpslowtag#${PHPSLOWTAG}#g" ./logfile/rsyslog-client
    sed -i "s#phperrortag#${PHPERRORTAG}#g" ./logfile/rsyslog-client
    sed -i "s#actionlog#${ACTIONTAG}#g" ./logfile/rsyslog-client
}

# Build ./logfile/rsyslog-server from the server template
rsyslog_server () {
    cp rsyslog-server-temp ./logfile/rsyslog-server
    sed -i "s#nginx-access#${NGATAG}#g" ./logfile/rsyslog-server
    sed -i "s#nginx-error#${NGETAG}#g" ./logfile/rsyslog-server
    sed -i "s#php-slow#${PHPSLOWTAG}#g" ./logfile/rsyslog-server
    sed -i "s#php-error#${PHPERRORTAG}#g" ./logfile/rsyslog-server
    sed -i "s#action-log#${ACTIONTAG}#g" ./logfile/rsyslog-server
    sed -i "s#ngxapath#/data/rsyslog/nginx/${BRANCH}/$(hostname)-nginx-access.log#g" ./logfile/rsyslog-server
    sed -i "s#ngxepath#/data/rsyslog/nginx/${BRANCH}/$(hostname)-nginx-error.log#g" ./logfile/rsyslog-server
    sed -i "s#phpspath#/data/rsyslog/php/${BRANCH}/$(hostname)-php-slow.log#g" ./logfile/rsyslog-server
    sed -i "s#phpepath#/data/rsyslog/php/${BRANCH}/$(hostname)-php-error.log#g" ./logfile/rsyslog-server
    sed -i "s#actionpath#/data/rsyslog/php/${BRANCH}/$(hostname)-action.log#g" ./logfile/rsyslog-server
}

# Back up the local rsyslog.conf, then overwrite it (\cp bypasses any cp alias)
send_rsyslog_client () {
    cp /etc/rsyslog.conf{,.bak_$(date +%F)}
    \cp ./logfile/rsyslog-client /etc/rsyslog.conf
}

# Copy the server-side config to the relay and the server, then restart rsyslog everywhere
send_rsyslog_server () {
    scp -P 2222 ./logfile/rsyslog-server "${SSH_USER}@${RELAY_HOST}:/etc/rsyslog.d/$(hostname).conf"
    scp -P 2001 ./logfile/rsyslog-server "${SSH_USER}@${SERVER_HOST}:/etc/rsyslog.d/$(hostname).conf"
    systemctl restart rsyslog
    if [ `systemctl status rsyslog|grep "active (running)"|wc -l` -eq 1 ]
    then
        echo "Rsyslog client service start successfully!"
    else
        echo "Rsyslog client service start failure!"
        exit 7
    fi
    ssh -p 2222 "${SSH_USER}@${RELAY_HOST}" "systemctl restart rsyslog"
    ssh -p 2001 "${SSH_USER}@${SERVER_HOST}" "systemctl restart rsyslog"
}

# Rewrites this script in place: every SITENAME below becomes ${BRANCH}
change_shipper_sitename () {
    sed -i "s#SITENAME#${BRANCH}#g" "$0"
}

# Add one logstash file input per log type to the shipper, unless it is already there
send_shipper_conf_tw_slave01 () {
    shipper_nginx_access=`ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" "grep ${BRANCH}-nginx-access /etc/logstash-shipper/conf.d/shipper.conf|wc -l"`
    shipper_nginx_error=`ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" "grep ${BRANCH}-nginx-error /etc/logstash-shipper/conf.d/shipper.conf|wc -l"`
    shipper_php_slow=`ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" "grep ${BRANCH}-php-slow /etc/logstash-shipper/conf.d/shipper.conf|wc -l"`
    shipper_php_error=`ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" "grep ${BRANCH}-php-error /etc/logstash-shipper/conf.d/shipper.conf|wc -l"`
    shipper_action=`ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" "grep ${BRANCH}-action /etc/logstash-shipper/conf.d/shipper.conf|wc -l"`

    # The remote sed command is single-quoted so that the remote shell, not the local one, parses it
    if [ ${shipper_action} -eq 0 ]
    then
        ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" 'sed -i "2i\ file {\n path => \"/data/rsyslog/php/SITENAME/SITENAME*action.log\"\n type => \"SITENAME-action\"\n sincedb_path => \"/data/sincedb/SITENAME\"\n }\n" /etc/logstash-shipper/conf.d/shipper.conf'
    else
        echo "ELK action shipper configuration added already!"
    fi
    if [ ${shipper_nginx_access} -eq 0 ]
    then
        ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" 'sed -i "2i\ file {\n path => \"/data/rsyslog/nginx/SITENAME/SITENAME-*-nginx-access.log\"\n type => \"SITENAME-nginx-access\"\n sincedb_path => \"/data/sincedb/SITENAME\"\n }\n" /etc/logstash-shipper/conf.d/shipper.conf'
    else
        echo "ELK nginx-access shipper configuration added already!"
    fi
    if [ ${shipper_nginx_error} -eq 0 ]
    then
        ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" 'sed -i "2i\ file {\n path => \"/data/rsyslog/nginx/SITENAME/SITENAME-*-nginx-error.log\"\n type => \"SITENAME-nginx-error\"\n sincedb_path => \"/data/sincedb/SITENAME\"\n }\n" /etc/logstash-shipper/conf.d/shipper.conf'
    else
        echo "ELK nginx-error shipper configuration added already!"
    fi
    if [ ${shipper_php_slow} -eq 0 ]
    then
        ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" 'sed -i "2i\ file {\n path => \"/data/rsyslog/php/SITENAME/SITENAME-*-php-slow.log\"\n type => \"SITENAME-php-slow\"\n sincedb_path => \"/data/sincedb/SITENAME\"\n }\n" /etc/logstash-shipper/conf.d/shipper.conf'
    else
        echo "ELK php-slow shipper configuration added already!"
    fi
    if [ ${shipper_php_error} -eq 0 ]
    then
        ssh -p 2001 "${SSH_USER}@${SHIPPER_HOST}" 'sed -i "2i\ file {\n path => \"/data/rsyslog/php/SITENAME/SITENAME-*-php-error.log\"\n type => \"SITENAME-php-error\"\n sincedb_path => \"/data/sincedb/SITENAME\"\n }\n" /etc/logstash-shipper/conf.d/shipper.conf'
    else
        echo "ELK php-error shipper configuration added already!"
    fi
}

echo "#####################choose number#################################"
echo -e "${YELLOW_COLOR}What do you want to do?${RES}"
echo -e "${GREEN_COLOR}1.Make ELK configuration!${RES}"
echo -e "${GREEN_COLOR}2.Transfer configuration!${RES}"
echo "#####################choose number#################################"
read -p "Choose number:" NUMBER
case ${NUMBER} in
    1)
        rsyslog_client
        rsyslog_server
        change_shipper_sitename
        echo "Log file make successfully!"
        ;;
    2)
        send_rsyslog_client
        send_rsyslog_server
        send_shipper_conf_tw_slave01
        ;;
    *)
        echo "Usage:{1|2}"
        exit 9
esac

rsyslog-clinet-temp

$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imfile
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

##########Start Nginx Log File#################
# The tag is shared per log type, but every monitored file needs its own state file name
$InputFileName /var/log/nginx/access-admin.log
$InputFileTag nginxaccesstag:
$InputFileStateFile nginxaccesstag-admin
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$InputFileName /var/log/nginx/error-admin.log
$InputFileTag nginxerrortag:
$InputFileStateFile nginxerrortag-admin
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$InputFileName /var/log/nginx/access-frontend.log
$InputFileTag nginxaccesstag:
$InputFileStateFile nginxaccesstag-frontend
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$InputFileName /var/log/nginx/error-frontend.log
$InputFileTag nginxerrortag:
$InputFileStateFile nginxerrortag-frontend
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$InputFileName /var/log/nginx/access-pay.log
$InputFileTag nginxaccesstag:
$InputFileStateFile nginxaccesstag-pay
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$InputFileName /var/log/nginx/error-pay.log
$InputFileTag nginxerrortag:
$InputFileStateFile nginxerrortag-pay
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1
######################End Of Nginx Log File################

######################Start Of Action Log File#############
$InputFileName /var/log/php-fpm/action_log.log
$InputFileTag actionlog:
$InputFileStateFile actionlog
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1
######################End Of Action Log File###############

#####################Start PHP Log File###################
$InputFileName /var/log/php-fpm/www-slow.log
$InputFileTag phpslowtag:
$InputFileStateFile phpslowtag
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1
$InputFileReadMode 2

$InputFileName /var/log/php-fpm/error.log
$InputFileTag phperrortag:
$InputFileStateFile phperrortag
$InputFileSeverity debug
$InputRunFileMonitor
$InputFilePollInterval 1

$WorkDirectory /var/lib/rsyslog

$ActionQueueType LinkedList
$ActionQueueFileName srvrfwd
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
####################End Of PHP log File#####################

###################Start Log Forward##################################
if $programname == 'nginxaccesstag' then @@<rsyslog-relay-server-address>:514
if $programname == 'nginxerrortag' then @@<rsyslog-relay-server-address>:514
if $programname == 'phpslowtag' then @@<rsyslog-relay-server-address>:514
if $programname == 'phperrortag' then @@<rsyslog-relay-server-address>:514
if $programname == 'actionlog' then @@<rsyslog-relay-server-address>:514
###################End Of log Forward################################

rsyslog-server-temp

$template nginx-access,"ngxapath"
$template nginx-error,"ngxepath"
$template php-slow,"phpspath"
$template php-error,"phpepath"
$template action-log,"actionpath"

if $programname == 'nginx-access' then ?nginx-access
if $programname == 'nginx-error' then ?nginx-error
if $programname == 'php-slow' then ?php-slow
if $programname == 'php-error' then ?php-error
if $programname == 'action-log' then ?action-log
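
Option 2 of log-make.sh overwrites /etc/rsyslog.conf and restarts rsyslog without inspecting the generated file, so a bad render silently stops log collection. The following pre-deployment check is an added example, not part of the original script; the function names, the host name web-01 and the address 192.0.2.10 in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of log-make.sh: lint ./logfile/rsyslog-client after
# option 1, before option 2 copies it over /etc/rsyslog.conf.
# Prints each finding and returns the number of failed checks (0 = deployable).
lint_rsyslog_client() {
    lint_conf=$1
    lint_bad=0
    # 1. Placeholders from rsyslog-clinet-temp that sed did not replace.
    lint_out=$(grep -nE 'nginxaccesstag|nginxerrortag|phpslowtag|phperrortag|actionlog' "$lint_conf" || true)
    [ -z "$lint_out" ] || { echo "unreplaced placeholder: $lint_out"; lint_bad=$((lint_bad + 1)); }
    # 2. State file names shared by more than one monitored file.
    lint_out=$(awk '$1 == "$InputFileStateFile" { print $2 }' "$lint_conf" | sort | uniq -d)
    [ -z "$lint_out" ] || { echo "duplicate state file: $lint_out"; lint_bad=$((lint_bad + 1)); }
    # 3. $InputFileName blocks that no $InputRunFileMonitor activates.
    lint_out=$(awk '$1 == "$InputFileName" { if (f != "") print f; f = $2 }
                    $1 == "$InputRunFileMonitor" { f = "" }
                    END { if (f != "") print f }' "$lint_conf")
    [ -z "$lint_out" ] || { echo "input never activated: $lint_out"; lint_bad=$((lint_bad + 1)); }
    # 4. Forward rules must be TCP (@@) to a concrete host:port, not the
    #    template's address placeholder.
    lint_out=$(grep -E 'then[[:space:]]+@' "$lint_conf" |
               grep -vE 'then[[:space:]]+@@[A-Za-z0-9.-]+:[0-9]+[[:space:]]*$' || true)
    [ -z "$lint_out" ] || { echo "bad forward target: $lint_out"; lint_bad=$((lint_bad + 1)); }
    return "$lint_bad"
}

# Constructed sample of a rendered file for host "web-01" (hypothetical) with
# three defects: a shared state file, an input without $InputRunFileMonitor,
# and a UDP (@) forward rule.
sample_bad_conf() {
    cat <<'EOF'
$InputFileName /var/log/nginx/access-admin.log
$InputFileTag web-01-nginx-access:
$InputFileStateFile web-01-nginx-access
$InputRunFileMonitor
$InputFileName /var/log/nginx/access-pay.log
$InputFileTag web-01-nginx-access:
$InputFileStateFile web-01-nginx-access
if $programname == 'web-01-nginx-access' then @192.0.2.10:514
EOF
}
```

Call lint_rsyslog_client ./logfile/rsyslog-client and continue to option 2 only when it returns 0.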
