收集tomcat日志
1.安装tomcat(tomcat-admin-webapps 会部署 manager 和 host-manager 管理应用,docs/javadoc 包只是文档;生产环境建议只安装实际需要的包)
yum install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc -y
2.修改tomcat配置文件,将访问日志改为json格式
vim /etc/tomcat/server.xml
第139行替换为下面的内容(server.xml 是 XML,写入文件时 pattern 属性值内部的双引号必须写成 &quot;,否则文件无法解析):
pattern="{"clientip":"%h","ClientUser":"%l","authenticated":"%u","AccessTime":"%t","method":"%r","status":"%s","SendBytes":"%b","Query?string":"%q","partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"}"/>
3.重启tomcat
systemctl restart tomcat
4.修改filebeat配置文件
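# Filebeat configuration: ship nginx and Tomcat logs to Elasticsearch, routing
# each source to its own monthly index by tag.
# Nesting is restored below; YAML is indentation-sensitive and the flattened
# form does not describe the intended inputs/paths/indices structure.
#
# NOTE(review): fields such as Referer, User-Agent and the query string are
# supplied by the client. JSON decoding relies on the web server escaping them
# when it writes the log line; confirm that for the nginx and Tomcat versions
# in use. With json.keys_under_root and json.overwrite_keys both enabled,
# decoded keys land at the event root and overwrite the fields Filebeat
# normally adds when names conflict. Filebeat's json.add_error_key option can
# be enabled to mark lines that fail to decode.
filebeat.inputs:
  # nginx access log for the bbs site (JSON lines).
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/bbs_access.log
    json.keys_under_root: true
    json.overwrite_keys: true
    tags: ["bbs"]

  # nginx access log for the blog site (JSON lines).
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/blog_access.log
    json.keys_under_root: true
    json.overwrite_keys: true
    tags: ["blog"]

  # nginx access log for the www site (JSON lines).
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/www_access.log
    json.keys_under_root: true
    json.overwrite_keys: true
    tags: ["www"]

  # Tomcat access log (JSON lines after the server.xml pattern change).
  # The file name carries the date, so a path pinned to 2019-07-11 stops
  # matching once the log rotates; the glob picks up every day's file.
  # Files written before the pattern change are not JSON and will not decode.
  - type: log
    enabled: true
    paths:
      - /var/log/tomcat/localhost_access_log.*.txt
    json.keys_under_root: true
    json.overwrite_keys: true
    tags: ["tomcat"]

  # nginx error log: plain text, so no JSON decoding options here.
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/error.log
    tags: ["error"]

output.elasticsearch:
  # No scheme, credentials or TLS settings are given, so Filebeat talks to
  # Elasticsearch over plain HTTP without authentication. Outside a lab,
  # enable TLS and authentication on the cluster and set them here, e.g.:
  #   protocol: "https"
  #   username: "<ES_USER>"            # placeholder
  #   password: "${ES_PASSWORD}"       # placeholder, from env or keystore
  #   ssl.certificate_authorities: ["<PATH_TO_CA_CERT>"]  # placeholder
  hosts: ["10.0.0.51:9200"]
  # Index routing by tag; the name embeds the Beat version and year.month.
  # NOTE(review): beat.version is the 6.x field name; 7.x and later expose
  # agent.version instead. Confirm against the installed version.
  indices:
    - index: "nginx_www_access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "www"
    - index: "nginx_bbs_access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "bbs"
    - index: "nginx_blog_access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "blog"
    - index: "nginx_error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
    - index: "tomcat_access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "tomcat"

# Template loading is switched off by setup.template.enabled: false, so the
# name, pattern and overwrite settings have no effect as written. The pattern
# "nginx_*" would also not cover the tomcat_access-* indices.
setup.template.name: "nginx"
setup.template.pattern: "nginx_*"
setup.template.enabled: false
setup.template.overwrite: true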