Collecting Tomcat logs with Logstash
On the web server, install the JDK, Tomcat and Logstash.
Install the JDK
[root@es-web1 ~]# apt install openjdk-8-jdk -y
Install Logstash with dpkg (the startup file needs to be changed so that it starts as root)
[root@es-web1 src]# dpkg -i logstash-7.12.1-amd64.deb
[root@es-web1 ~]# mkdir /apps
Extract
[root@es-web1 apps]# tar xf apache-tomcat-8.5.54.tar.gz
Create a symlink
[root@es-web1 apps]# ln -sv /apps/apache-tomcat-8.5.54 /apps/tomcat
'/apps/tomcat' -> '/apps/apache-tomcat-8.5.54'
Create the directory
[root@es-web1 webapps]# pwd
/apps/tomcat/webapps
[root@es-web1 webapps]# mkdir myapp
Add content
[root@es-web1 webapps]# vim myapp/index.jsp
myapp for 172.31.2.107
Start Tomcat
[root@es-web1 tomcat]# ./bin/catalina.sh start
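Test: http://172.31.2.107:8080/myapp/
Modify the Tomcat configuration
[root@es-web1 tomcat]# vim conf/server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="tomcat_access_log" suffix=".log"
       pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>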
Stop Tomcat
[root@es-web1 tomcat]# ./bin/catalina.sh stop
Start Tomcat
[root@es-web1 tomcat]# ./bin/catalina.sh start
View the log
[root@es-web1 tomcat]# tail -f logs/tomcat_access_log.2021-08-25.log
Extend the existing Logstash configuration
root@long:/usr/local/src# vim /etc/logstash/conf.d/system-log-es.conf
input {
  file {
    path => "/var/log/bootstrap.log"
    start_position => "beginning"
    stat_interval => 3
    type => "bootstrap"
  }
  file {
    path => "/apps/tomcat/logs/tomcat_access_log.*.log"
    start_position => "beginning"
    stat_interval => 3
    type => "tomcat-accesslog"
    # The Valve pattern writes one JSON object per line; decode it on input
    # so each key becomes an event field (a codec on the output does not parse).
    codec => "json"
  }
}
output {
  if [type] == "bootstrap" {
    elasticsearch {
      hosts => ["172.31.2.101:9200"]
      index => "long-bootstrap-log-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "tomcat-accesslog" {
    elasticsearch {
      hosts => ["172.31.2.101:9200"]
      index => "long-tomcat-accesslog-%{+YYYY.MM.dd}"
    }
  }
}
Change the permissions
[root@es-web1 conf.d]# chmod 644 /apps/tomcat/logs/tomcat_access_log.*.log
Restart Logstash
root@long:/usr/local/src# systemctl restart logstash
Adding the index to Kibana is omitted here.
Collect Java logs and merge multi-line entries
[root@linux-host1 ~]# vim /etc/logstash/conf.d/java.conf
input {
  file {
    path => "/apps/tomcat/logs/catalina.out"
    type => "javalog"
    start_position => "beginning"
    stat_interval => 3
    # Lines that do not start with "[" are appended to the previous event
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
output {
  if [type] == "javalog" {
    stdout {
      codec => "rubydebug"
    }
    file {
      path => "/tmp/m.txt"
    }
  }
}
Check the syntax:
[root@linux-host1 ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/java.conf -t
Change the output to Elasticsearch:
The modified content is as follows (note: the regular expression must not be a loose match, otherwise it will keep matching indefinitely):
[root@es-web1 ~]# cat /etc/logstash/conf.d/java-to-es.conf
input {
  file {
    path => "/apps/tomcat/logs/catalina.out"
    start_position => "beginning"
    stat_interval => 3
    type => "javalog"
    # A new event starts only at a line beginning with a date such as 25-Aug-2021
    codec => multiline {
      pattern => "^\d+-\w+-[0-9]{4}"
      negate => true
      what => "previous"
    }
  }
}
output {
  if [type] == "javalog" {
    elasticsearch {
      hosts => ["172.31.2.101:9200"]
      index => "long-javalog-%{+YYYY.MM.dd}"
    }
  }
}
Restart Logstash
[root@linux-host1 ~]# systemctl restart logstash
Adding the index to Kibana is omitted here.
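The effect of the two multiline patterns used above, as an added example that is not part of the original article: a Ruby simulation of negate => true with what => "previous", run over constructed catalina.out lines. The names merge_multiline and report and the sample lines are assumptions made for illustration.

```ruby
# Added example: simulates the multiline settings from java.conf and
# java-to-es.conf (negate => true, what => "previous").

# Constructed sample lines, shaped like Tomcat 8.5 catalina.out output.
SAMPLE = <<~'LOG'.lines.map(&:chomp)
  25-Aug-2021 10:15:01.120 INFO [main] org.apache.catalina.startup.Catalina.start Server startup
  25-Aug-2021 10:15:07.455 SEVERE [http-nio-8080-exec-1] StandardWrapperValve.invoke threw exception
   java.lang.NullPointerException
      at org.apache.jsp.index_jsp._jspService(index_jsp.java:118)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
  25-Aug-2021 10:15:09.002 INFO [http-nio-8080-exec-2] com.example.Demo.handle request done
LOG

BRACKET = /^\[/                 # pattern from java.conf
DATE    = /^\d+-\w+-[0-9]{4}/   # pattern from java-to-es.conf

# A line that matches the pattern starts a new event; a line that does not
# match is appended to the previous event.
def merge_multiline(lines, pattern)
  events = []
  lines.each do |line|
    if events.empty? || line.match?(pattern)
      events << [line]
    else
      events.last << line
    end
  end
  events.map { |parts| parts.join("\n") }
end

# Number of events produced and the line count of the largest one.
def report(lines, pattern)
  events = merge_multiline(lines, pattern)
  { count: events.size, longest: events.map { |e| e.lines.size }.max }
end

# DATE keeps the stack trace with its SEVERE line and splits the rest.
puts "date pattern:    #{report(SAMPLE, DATE)}"
# BRACKET never matches these lines, so every line is appended to the
# first event and the event keeps growing.
puts "bracket pattern: #{report(SAMPLE, BRACKET)}"
```

With the date pattern the stack trace stays attached to the SEVERE line that produced it; with a pattern that never matches the file's lines, the whole file collapses into a single event.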