elk收集tomcat的日志
logstash收集tomcat的日志 不要修改下tomcat中server.xml的日志格式,否则tomcat无法启动,试过多次,不行,就用自带的日志让logstash去收集 首先给tomcat日志授权,否则logstash无权读取日志文件 [root@bogon bin]# ls -l /usr/local/tomcat/logs/
total
-rw-r----- root root Feb : catalina.--.log
-rw-r----- root root Feb : catalina.out
-rw-r----- root root Feb : host-manager.--.log
-rw-r----- root root Feb : localhost.--.log
-rw-r----- root root Feb : localhost_access_log.--.txt
-rw-r----- root root Feb : manager.--.log [root@bogon bin]# chmod /usr/local/tomcat/logs/* [root@bogon bin]# ls -l /usr/local/tomcat/logs/
total 208
-rwxrwxrwx 1 root root 101390 Feb 12 02:42 catalina.2019-02-12.log
-rwxrwxrwx 1 root root 101500 Feb 12 02:42 catalina.out
-rwxrwxrwx 1 root root 0 Feb 12 01:40 host-manager.2019-02-12.log
-rwxrwxrwx 1 root root 2454 Feb 12 02:42 localhost.2019-02-12.log
-rwxrwxrwx 1 root root 2421 Feb 12 03:07 localhost_access_log.2019-02-12.txt
-rwxrwxrwx 1 root root 0 Feb 12 01:40 manager.2019-02-12.log 现在要收集localhost_access_log.2019-02-12.txt日志内容,步骤如下: 配置logstash的语法规则,来收集tomcat日志: cat> /home/logstash-6.3.0/config/tomcat_test.conf<<EOF
input {
file {
path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]
type => "tomcat_log"
start_position => "beginning"
codec => json
}
}
filter {
date {
match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["192.168.0.91:9200"]
index => "tomcat-pc-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
EOF 然后测试下有没有语法错误 /home/logstash-6.3.0/bin/logstash -t -f /home/logstash-6.3.0/config/tomcat_test.conf --config.test_and_exit 开始启动 nohup /home/logstash-6.3.0/bin/logstash -f /home/logstash-6.3.0/config/tomcat_test.conf & 启动非常慢,需要几分钟 查看logstash进程 [root@bogon tomcat]# ps -ef |grep logstash
root 22853 5194 99 03:03 pts/1 00:02:02 /bin/java -Xms1g -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /home/logstash-6.3.0/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/home/logstash-6.3.0/logstash-core/lib/jars/google-java-format-1.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/guava-19.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-annotations-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-core-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-databind-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/janino-3.0.8.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jruby-complete-9.1.13.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-api-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-core-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/logstash-core.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/home/logstash-6.3.0/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -t -f /home/logstash-6.3.0/config/tomcat_test.conf --config.test_and_exit
root 22916 18873 0 03:04 pts/3 00:00:00 grep logstash 查看elk端口 [root@bogon tomcat]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.91:5601 0.0.0.0:* LISTEN 15053/node
tcp 0 0 192.168.0.91:9100 0.0.0.0:* LISTEN 14232/grunt
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 943/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1173/master
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 23343/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 21582/java
tcp6 0 0 :::8009 :::* LISTEN 21582/java
tcp6 0 0 :::8080 :::* LISTEN 21582/java
tcp6 0 0 192.168.0.91:9200 :::* LISTEN 14105/java
tcp6 0 0 192.168.0.91:9300 :::* LISTEN 14105/java
tcp6 0 0 :::22 :::* LISTEN 943/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1173/master 可以看到logstash启动后随机生成了一个9600端口 elasticsearch的head插件查看 先查看概览:再查看数据浏览:
配置kibana查看日志 首先查看索引:
cat /home/logstash-6.3.0/config/tomcat_test.conf
input {
file {
path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]
type => "tomcat_log"
start_position => "beginning"
codec => json
}
}
filter {
date {
match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["192.168.0.91:9200"]
index => "tomcat-pc-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
里面的index => "tomcat-pc-%{+YYYY.MM.dd}" 就是索引,这个索引一会配置kibana时候需要用到。
配置Kibana获得日志
参照文档: https://www.cnblogs.com/cjsblog/p/9476813.html https://blog.csdn.net/ZHANG_H_A/article/details/53129565 http://blog.51cto.com/jinlong/2055379
elk收集tomcat的日志的更多相关文章
- ELK收集tomcat访问日志并存取mysql数据库案例
这个案例中,tomcat产生的日志由filebeat收集,然后存取到redis中,再由logstash进行过滤清洗等操作,最后由elasticsearch存储索引并由kibana进行展示. 1.配置t ...
- ELK收集tomcat状态日志
1.先查看之前的状态日志输出格式:在logs/catalina.out这个文件中 最上面的日志格式我们可能不太习惯使用,所以能输出下面的格式是最好的,当然需要我们自定义日志格式,接下来看看如何修改 2 ...
- elk收集tomcat日志
1.elk收集tomcat普通日志: 只在logstash节点增加如下文件,重启logstash即可: cat >>/home/logstash-6.3.0/config/tomcat_t ...
- ELK 收集 Tomcat日志以及修改Tomcat日志格式
ELK 收集 Tomcat日志以及修改Tomcat日志格式 Tomcat日志 想要收集tomcat 日志 首先我们要对tomcat的日志有足够的了解 tomca日志分类 简单的说tomcat logs ...
- ELK之收集tomcat访问日志
把tomcat访问日志转换成json格式然后收集 修改配置文件conf/server.xml把日志输出改成json格式 添加logstash配置文件(日志按天切割可以使用*进行匹配所有)
- 带你了解zabbix整合ELK收集系统异常日志触发告警~
今天来了解一下关于ELK的“L”-Logstash,没错,就是这个神奇小组件,我们都知道,它是ELK不可缺少的组件,完成了输入(input),过滤(fileter),output(输出)工作量,也是我 ...
- ELK收集Nginx自定义日志格式输出
1.ELK收集日志的有两种常用的方式: 1.1:不修改源日志格式,简单的说就是在logstash中转通过 grok方式进行过滤处理,将原始无规则的日志转换为规则日志(Logstash自定义日志格式) ...
- 搭建ELK收集PHP的日志
架构: filebeat --> redis -->logstash --> es --> kibana 每个客户端需要安装filebeat收集PHP日志 filebeat把收 ...
- ELK收集windows服务器日志笔记
一.软件版本 1.jdk-8u211-linux-x64.rpm 2.elasticsearch-6.8.1.rpm 3.logstash-6.8.1.rpm 4.kibana-6.8.1-x86_6 ...
随机推荐
- jsp下拉列表
<c:set var="REPORT_TYPE_NORMAL" value="<%=SysIndexFormTemp.REPORT_TYPE_NORMAL%& ...
- Gym - 102141D 通项公式 最短路
题目很长,但是意思就是给你n,A,B,C,D n表示有n个城市 A是飞机的重量 B是一个常数表示转机代价 C是单位燃油的价格 D是一个常数 假设一个点到另外一个点的距离为整数L 起飞前的油量为f 则 ...
- P5496 【模板】回文自动机(PAM)
做一下强制在线处理即可 #include <cstdio> #include <algorithm> #include <cstring> using namesp ...
- 如何定义搜索面板的过滤器?DevExpress WPF超easy
DevExpress广泛应用于ECM企业内容管理. 成本管控.进程监督.生产调度,在企业/政务信息化管理中占据一席重要之地.通过DevExpress WPF Controls,您能创建有着强大互动功能 ...
- C# 通过Process.Start() 打开程序 置顶方法
private void webBrowser1_Navigating(object sender, WebBrowserNavigatingEventArgs e) { try { foreach ...
- Qt 工程文件(.pro)
qmake –project 这个命令是用来生成QT的工程文件(.pro)的,这个文件是用来设置编译或者链接的变量,以便用qmake生成相对应的Makefile文件 TEMPLATE:这个变量是用来定 ...
- MyEclipse6.5的速度性能优化大提速(转)
MyEclipse是Eclipse的插件,也是一款功能强大的J2EE集成开发环境,支持代码编写.配置.测试以及除错.现在看一下MyEclipse6.5版本的速度性能优化大提速.优化MyEclipse6 ...
- XHTML测试题
1.XHTML 指的是? A.EXtra Hyperlinks and Text Markup Language B.EXtensible HyperText Marking Language C.E ...
- LA 7263 Today Is a Rainy Day bfs+暴力 银牌题
7263 Today Is a Rainy Day Today is a rainy day. The temperature is apparently lower than yesterday. ...
- 堡垒机前戏——paramiko
提要:在写堡垒机之前,我们必须要了解paramiko这个第三方库.有关于python的第三方库的安装很简单,可以自行百度. 该模块基于SSH用于连接远程服务器并执行相关操作. SSHClient 用于 ...