学海无涯
go,go,go

ELFK部署安装(五)-收集tomcat日志

#安装tomcat
yum install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc -y

#启动tomcat和检查tomcat
systemctl start tomcat
systemctl status tomcat
[root@centos7 ~]# ss -lnt|grep 8080
LISTEN     0      100         :::8080 
   #修改tomcat的/etc/tomcat/server.xml配置文件的日志配置为json格式,删除掉138到139行,替换下边为json格式的日志方式
   137          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
   138                 prefix="localhost_access_log." suffix=".txt"
   139                 pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>
替换内容
                 prefix="localhost_access_log." suffix=".txt"
                 pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>

截图配置说明

#重启tomcat
systemctl restart tomcat

#在网页访问测试查看tomcat的日志是否是json格式
[root@centos7 tomcat]# tail -F /var/log/tomcat/localhost_access_log.2019-12-15.txt 
{"clientip":"10.10.1.115","ClientUser":"-","authenticated":"-","AccessTime":"[15/Dec/2019:14:52:05 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"}
{"clientip":"10.10.1.115","ClientUser":"-","authenticated":"-","AccessTime":"[15/Dec/2019:14:52:07 +0800]","method":"GET / HTTP/1.1","status":"200","SendBytes":"11217","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"}
#配置filebeat的配置文件
cat >/etc/filebeat/filebeat.yml<<'EOF'
filebeat.inputs:
#################nginx#############
- type: log
  enabled: true 
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"] 

- type: log
  enabled: true 
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]

#################tomcat#############
- type: log
  enabled: true 
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"] 

#################output#############
setup.kibana:
  host: "192.168.2.197:5601"

output.elasticsearch:
  hosts: ["192.168.2.197:9200"]

  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "tomcat"

setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
EOF
#重启filebeatng
systemctl restart filebeat

#检查filebeat的配置文件是否出错
tail -F /var/log/filebeat/filebeat

#在网页上检查

赞(1) 打赏
未经允许不得转载:YYQ运维技术博客_运维的工作学习之路 » ELFK部署安装(五)-收集tomcat日志
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

运维devops

联系我们关于本博客

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏