1、 采集tomcat确实比之前的需求复杂很多,我在搭建了一个tomcat的环境,然后产生如下报错先贴出来:
Jan 05, 2017 10:53:35 AMorg.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allowsoptimal performance in production environments was not found on thejava.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Jan 05, 2017 10:53:35 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8088"]
Jan 05, 2017 10:53:35 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Jan 05, 2017 10:53:35 AM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated withProtocolHandler ["ajp-bio-8009"]
java.net.BindException: Address already in use (Bind failed)<null>:8009
atorg.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:665)
atorg.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
atorg.apache.catalina.startup.Catalina.load(Catalina.java:667)
atsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
atsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
atorg.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
... 16 more
2、 分析我们需要的结构:
通过上面的分析,我们需要的数据有:时间戳、类名、日志信息。
我们需要的操作就是先把相同时间和的多行日志数据合并到同一个事件里面再分析。
###提示,因为tomcat日志比较困难,我们可以参考默认的日志结构:
[root@monitor patterns]# pwd
/test/logstash-5.0.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-4.0.2/patterns
[root@monitor patterns]# catjava
JAVACLASS(?:[a-zA-Z$_][a-zA-Z$_0-9]*\.)*[a-zA-Z$_][a-zA-Z$_0-9]*
#Space is an allowed characterto match special cases like 'Native Method' or 'Unknown Source'
JAVAFILE (?:[A-Za-z0-9_. -]+)