天下風雲出我輩
一入江湖歲月催
当前位置:Anonym0x1 > DevOps > ELKStack > 正文

Logstash收集Nginx与Tomcat访问日志

2018-10-07 分类:ELKStack 阅读(1077) 评论(0)

一、收集Nginx日志

1、Nginx配置成Json格式日志

#编辑nginx主配置文件
log_format logstash_json '{"@timestamp":"$time_local",'
    '"remote_addr":"$remote_addr",'
    '"remote_user":"$remote_user",'
    '"body_bytes_sent":"$body_bytes_sent",'
    '"request_time":"$request_time",'
    '"status":"$status",'
    '"request":"$request",'
    '"request_method":"$request_method",'
    '"http_referrer":"$http_referer",'
    '"body_bytes_sent":"$body_bytes_sent",'
    '"http_x_forwarded_for":"$http_x_forwarded_for",'
    '"http_user_agent":"$http_user_agent"}';

access_log  /var/log/nginx/access.log  logstash_json;

2、重启Nginx服务查看Json格式日志

{"@timestamp":"07/Oct/2018:17:08:49 +0800",
"remote_addr":"192.168.1.68",
"remote_user":"-",
"body_bytes_sent":"612",
"request_time":"0.000",
"status":"200",
"request":"GET / HTTP/1.1",
"request_method":"GET",
"http_referrer":"-",
"body_bytes_sent":"612",
"http_x_forwarded_for":"-",
"http_user_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"}

3、logstash中增加Nginx配置

input {
    file {
        path => "/var/log/nginx/access.log"
        type => "nginx-accesslog"
        start_position => "beginning"
    }    
}

output {
    if [type] == "nginx-accesslog" {
        elasticsearch {
        hosts => ["192.168.1.235:9200"]
        index => "nginx-accesslog-%{+YYYY.MM.dd}"
        }
    }
}

4、测试配置文件

bin/logstash -f /opt/logstash-6.4.1/config/syslog.conf -t

#显示以下内容说明没问题
Configuration OK

 

二、收集Tomcat日志

1、修改tomcat/conf/server.xml结尾部分的日志配置

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
    prefix="tomcat_access" suffix=".log"
    pattern="{&quot;client&quot;:&quot;%h&quot;,&quot;client user&quot;:&quot;%l&quot;,
&quot;authenticated&quot;:&quot;%u&quot;, &quot;access time&quot;:&quot;%t&quot;,
&quot;method&quot;:&quot;%r&quot;, &quot;status&quot;:&quot;%s&quot;,&quot;send bytes&quot;
:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}
i&quot;,&quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>

2、重启Tomcat,查看日志格式

{"client":"192.168.1.68",
"client user":"-", 
"authenticated":"-", 
"access time":"[07/Oct/2018:15:54:00 +0800]",
 "method":"GET / HTTP/1.1", 
"status":"200","send bytes":"11250",
"Query?string":"",
"partner":"-","Agent version":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"}

3、logstash中增加Tomcat配置

input{
    file {
        path => "/app/tomcat/logs/tomcat_access.*.log"
        type => "tomcatlog"
        start_position => "beginning"
        stat_interval => "5"
    }
}

output{
    if[type] == "tomcatlog" {
        elasticsearch {
            hosts => ["192.168.1.235:9200"]
            index => "tomcatlog-%{+YYYY.MM.dd}"
        }
    }
}

4、测试配置文件

bin/logstash -f /opt/logstash-6.4.1/config/tomcat.conf -t

#显示以下内容说明没问题
Configuration OK

 

三、运行Logstash服务并查看Kibana

#运行配置下所有匹配后缀为.conf的文件

bin/logstash -f "config/*.conf"

1、访问Kibana,设置索引

Tomcat同样步骤设置索引并查看数据:

 

 

注意:logstash中的配置文件如果有使用if[type]判断,所有配置都需要写判断,否则数据会混乱。

 

赞(3) 打赏
未经允许不得转载:Anonym0x1 » Logstash收集Nginx与Tomcat访问日志
标签:

相关推荐

评论 抢沙发

取消

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

置顶推荐

QQ交流群

标签云

Ansible (3) Ansible-playbook (4) BBR (1) Docker (13) Elasticsearch (2) git (1) GitLab (2) hello world (1) http2 (1) https (1) Inception (1) Jenkins (2) k8s (5) Keepalived (2) kubernetes (2) Linux (2) Linux内核 (1) LNMP (1) LVS (1) mysql (3) nginx (5) OpsManage (1) php (1) php-fpm (1) Redis (2) shadowsocks (1) shell (2) ssh双因素认证 (1) swap (2) Tengine (1) Tomcat (1) vps (1) Zabbix (4) Zsh (1) 加密货币 (1) 参数调优 (1) 搭梯子 (1) 散文 (1) 缓存数据库 (1) 翻墙 (1) 自动备份脚本 (1) 虚拟内存 (2) 诗词 (4) 负载均衡 (1) 集群架构 (1)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏