Java logstash 日志收集 logstash收集tomcat日志

1.安装Tomcattat安装

1.安装java环境[root@web01 ~]# rpm -ivh jdk-8u181-linux-x64.rpm2.上传包[root@web01 ~]# rz apache-tomcat-10.0.0-M7.tar.gz3.解压[root@web01 ~]# tar xf apache-tomcat-10.0.0-M7.tar.gz -C /usr/local/4.软连接[root@web01 ~]# ln -s /usr/local/apache-tomcat-10.0.0-M7 /usr/local/tomcat5.启动Tomcat[root@web01 ~]# /usr/local/tomcat/bin/startup.sh6.访问页面 10.0.0.7:8080

[root@web01 ~]# vim /etc/logstash/conf.d/tomcat_file.confinput {  file {    path => "/usr/local/tomcat/logs/localhost_access_log.*.txt"    start_position => "beginning"  }}output {  file {    path => "/tmp/tomcat_%{+YYYY-MM-dd}.log"  }}

[root@web01 ~]# vim /etc/logstash/conf.d/tomcat_es.confinput {  file {    path => "/usr/local/tomcat/logs/localhost_access_log.*.txt"    start_position => "beginning"  }}output {  elasticsearch {    hosts => ["10.0.0.51:9200"]    index => "tomcat_%{+YYYY-MM-dd}.log"  }}

#收集tomcat日志，遇到报错时，一个报错会分成很多数据，不方便查看解决方案:1。修改tomcat日志格式为json1)开发修改输出日志为json2)修改tomcat配置，日志格式为json2。使用logstashinput插件下的mutiline模块

[root@web01 ~]# vim /usr/local/tomcat/conf/server.xml#注释原日志格式，添加我们的格式<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"               prefix="tomcat_access_json" suffix=".log"               pattern="{"clientip":"%h","ClientUser":"%l","authenticated":"%u","AccessTime":"%t","method":"%r","status":"%s","SendBytes":"%b","Query?string":"%q","partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"}"/>

[root@web01 ~]# /usr/local/tomcat/bin/shutdown.sh[root@web01 ~]# /usr/local/tomcat/bin/startup.sh

[root@web01 ~]# vim /etc/logstash/conf.d/tomcat_json_es.confinput {  file {    path => "/usr/local/tomcat/logs/tomcat_access_json.*.log"    start_position => "beginning"  }}output {  elasticsearch {    hosts => ["10.0.0.51:9200"]    index => "tomcat_json_%{+YYYY-MM-dd}.log"  }}

[root@web01 ~]# vim /etc/logstash/conf.d/test_mutiline.confinput {  stdin {    codec => multiline {  #以[开头      pattern => "^\["      #匹配到      negate => true      #向上合并，向下合并是next      what => "previous"    }  }}output {  stdout {    codec => json  }}#当遇到测试时，输入内容不会直接输出 [ 以上日志将在开头收集

[root@web01 ~]# vim /etc/logstash/conf.d/tomcat_mutiline.conf input {  file {    path => "/usr/local/tomcat/logs/tomcat_access_json.*.log"    start_position => "beginning"    codec => multiline {      pattern => "^\["      negate => true      what => "previous"    }  }}output {  elasticsearch {    hosts => ["10.0.0.51:9200"]    index => "tomcat_json_%{+YYYY-MM-dd}"    codec => "json"  }}

[root@web01 ~]# cat 1.txt >> /usr/local/tomcat/logs/tomcat_access_json.2020-08-14.log

本文是转载内容，我们尊重原作者对文章的权利。如有内容错误或侵权行为，请联系我们更正或删除文章。