elk收集tomcat的日志
logstash收集tomcat的日志 不要修改下tomcat中server.xml的日志格式,否则tomcat无法启动,试过多次,不行,就用自带的日志让logstash去收集 首先给tomcat日志授权,否则logstash无权读取日志文件 [root@bogon bin]# ls -l /usr/local/tomcat/logs/
total
-rw-r----- root root Feb : catalina.--.log
-rw-r----- root root Feb : catalina.out
-rw-r----- root root Feb : host-manager.--.log
-rw-r----- root root Feb : localhost.--.log
-rw-r----- root root Feb : localhost_access_log.--.txt
-rw-r----- root root Feb : manager.--.log [root@bogon bin]# chmod /usr/local/tomcat/logs/* [root@bogon bin]# ls -l /usr/local/tomcat/logs/
total 208
-rwxrwxrwx 1 root root 101390 Feb 12 02:42 catalina.2019-02-12.log
-rwxrwxrwx 1 root root 101500 Feb 12 02:42 catalina.out
-rwxrwxrwx 1 root root 0 Feb 12 01:40 host-manager.2019-02-12.log
-rwxrwxrwx 1 root root 2454 Feb 12 02:42 localhost.2019-02-12.log
-rwxrwxrwx 1 root root 2421 Feb 12 03:07 localhost_access_log.2019-02-12.txt
-rwxrwxrwx 1 root root 0 Feb 12 01:40 manager.2019-02-12.log 现在要收集localhost_access_log.2019-02-12.txt日志内容,步骤如下: 配置logstash的语法规则,来收集tomcat日志: cat> /home/logstash-6.3.0/config/tomcat_test.conf<<EOF
input {
file {
path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]
type => "tomcat_log"
start_position => "beginning"
codec => json
}
}
filter {
date {
match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["192.168.0.91:9200"]
index => "tomcat-pc-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
EOF 然后测试下有没有语法错误 /home/logstash-6.3.0/bin/logstash -t -f /home/logstash-6.3.0/config/tomcat_test.conf --config.test_and_exit 开始启动 nohup /home/logstash-6.3.0/bin/logstash -f /home/logstash-6.3.0/config/tomcat_test.conf & 启动非常慢,需要几分钟 查看logstash进程 [root@bogon tomcat]# ps -ef |grep logstash
root 22853 5194 99 03:03 pts/1 00:02:02 /bin/java -Xms1g -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /home/logstash-6.3.0/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/home/logstash-6.3.0/logstash-core/lib/jars/google-java-format-1.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/guava-19.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-annotations-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-core-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-databind-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.5.jar:/home/logstash-6.3.0/logstash-core/lib/jars/janino-3.0.8.jar:/home/logstash-6.3.0/logstash-core/lib/jars/jruby-complete-9.1.13.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-api-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-core-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/logstash-core.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/home/logstash-6.3.0/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/home/logstash-6.3.0/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -t -f /home/logstash-6.3.0/config/tomcat_test.conf --config.test_and_exit
root 22916 18873 0 03:04 pts/3 00:00:00 grep logstash 查看elk端口 [root@bogon tomcat]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.91:5601 0.0.0.0:* LISTEN 15053/node
tcp 0 0 192.168.0.91:9100 0.0.0.0:* LISTEN 14232/grunt
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 943/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1173/master
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 23343/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 21582/java
tcp6 0 0 :::8009 :::* LISTEN 21582/java
tcp6 0 0 :::8080 :::* LISTEN 21582/java
tcp6 0 0 192.168.0.91:9200 :::* LISTEN 14105/java
tcp6 0 0 192.168.0.91:9300 :::* LISTEN 14105/java
tcp6 0 0 :::22 :::* LISTEN 943/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1173/master 可以看到logstash启动后随机生成了一个9600端口 elasticsearch的head插件查看 先查看概览:再查看数据浏览:
配置kibana查看日志 首先查看索引:
cat /home/logstash-6.3.0/config/tomcat_test.conf
input {
file {
path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]
type => "tomcat_log"
start_position => "beginning"
codec => json
}
}
filter {
date {
match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["192.168.0.91:9200"]
index => "tomcat-pc-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
里面的index => "tomcat-pc-%{+YYYY.MM.dd}" 就是索引,这个索引一会配置kibana时候需要用到。
配置Kibana获得日志
![]()
![]()
![]()
![]()
![]()
![]()
参照文档: https://www.cnblogs.com/cjsblog/p/9476813.html https://blog.csdn.net/ZHANG_H_A/article/details/53129565 http://blog.51cto.com/jinlong/2055379
elk收集tomcat的日志的更多相关文章
- ELK收集tomcat访问日志并存取mysql数据库案例
这个案例中,tomcat产生的日志由filebeat收集,然后存取到redis中,再由logstash进行过滤清洗等操作,最后由elasticsearch存储索引并由kibana进行展示. 1.配置t ...
- ELK收集tomcat状态日志
1.先查看之前的状态日志输出格式:在logs/catalina.out这个文件中 最上面的日志格式我们可能不太习惯使用,所以能输出下面的格式是最好的,当然需要我们自定义日志格式,接下来看看如何修改 2 ...
- elk收集tomcat日志
1.elk收集tomcat普通日志: 只在logstash节点增加如下文件,重启logstash即可: cat >>/home/logstash-6.3.0/config/tomcat_t ...
- ELK 收集 Tomcat日志以及修改Tomcat日志格式
ELK 收集 Tomcat日志以及修改Tomcat日志格式 Tomcat日志 想要收集tomcat 日志 首先我们要对tomcat的日志有足够的了解 tomca日志分类 简单的说tomcat logs ...
- ELK之收集tomcat访问日志
把tomcat访问日志转换成json格式然后收集 修改配置文件conf/server.xml把日志输出改成json格式 添加logstash配置文件(日志按天切割可以使用*进行匹配所有)
- 带你了解zabbix整合ELK收集系统异常日志触发告警~
今天来了解一下关于ELK的“L”-Logstash,没错,就是这个神奇小组件,我们都知道,它是ELK不可缺少的组件,完成了输入(input),过滤(fileter),output(输出)工作量,也是我 ...
- ELK收集Nginx自定义日志格式输出
1.ELK收集日志的有两种常用的方式: 1.1:不修改源日志格式,简单的说就是在logstash中转通过 grok方式进行过滤处理,将原始无规则的日志转换为规则日志(Logstash自定义日志格式) ...
- 搭建ELK收集PHP的日志
架构: filebeat --> redis -->logstash --> es --> kibana 每个客户端需要安装filebeat收集PHP日志 filebeat把收 ...
- ELK收集windows服务器日志笔记
一.软件版本 1.jdk-8u211-linux-x64.rpm 2.elasticsearch-6.8.1.rpm 3.logstash-6.8.1.rpm 4.kibana-6.8.1-x86_6 ...
随机推荐
- 微信小程序中concat 和push的区别
push和concat二者功能很相像,但有两点区别. 先看如下例子: var arr = []; arr.push(1); arr.push(2); arr.push([3, 4]) arr.push ...
- nginx反向代理和负载均衡的简单部署
1. 安装 1) 从Nginx官网下载页面(http://nginx.org/en/download.html)下载Nginx最新版本(目前是1.5.13版本)安装包: 2) ...
- AGC刷题记
已经刷不了几天了... AGC001 A-BBQ Easy 排个序就过了 B-Mysterious Light 手膜一下,你会发现魔改一下\(gcd\)就行了 C-Shorten Diameter 刚 ...
- WPF DevExpress ChartControl使用之PieChart
饼状图要比XYDiagram要简单一点,大体上也是那些东西,没有了X.Y坐标轴,也就没有了第二坐标,要简单一点.PieChartControl.xaml <UserControl x:Class ...
- .net core Areas区域
//使用MVC app.UseMvc(routes => { routes.MapRoute( name: "areas", template: "{area:ex ...
- 【Python之路】特别篇--服务商API认证、Restful、一致性哈希
API加密方式 1/ 加密方式: Md5 (随机字符串 + 时间戳) 2/ 发送方式: http://127.0.0.1:8888/index?pid= MD5加密值 | 时间戳 | 序号 服务端接收 ...
- parents([expr]) 取得一个包含着所有匹配元素的祖先元素的元素集合(不包含根元素)。可以通过一个可选的表达式进行筛选。
parents([expr]) 概述 取得一个包含着所有匹配元素的祖先元素的元素集合(不包含根元素).可以通过一个可选的表达式进行筛选.大理石平台检定规程 参数 exprStringV1.0 用于 ...
- PHP mysqli_ping() 函数
定义和用法 mysqli_ping() 函数进行一个服务器连接,如果连接已断开则尝试重新连接. <?php // 假定数据库用户名:root,密码:123456,数据库:RUNOOB $con= ...
- 图文并茂VLAN详解,让你看一遍就理解VLAN
一.为什么需要VLAN 1.1.什么是VLAN? VLAN(Virtual LAN),翻译成中文是“虚拟局域网”.LAN可以是由少数几台家用计算机构成的网络,也可以是数以百计的计算机构成的企业网络.V ...
- Python基础之深浅copy
1. 赋值 lst1 = [1, 2, 3, ["a", "b", "c"]] lst2 = lst1 lst1[0] = 11 print ...