Install Logstash
The Logstash dependency jdk-8u261-linux-x64.rpm is already installed.
[root@node4 ~]# yum install https://mirrors.tuna.tsinghua.edu.cn/elasticstack/7.x/yum/7.2.0/logstash-7.2.0.rpm
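Create three directories under the Logstash home directory, to hold the logs, the conf configuration files, and the main Logstash service configuration.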
[root@node4 ~]# mkdir /usr/share/logstash/{etc,config,logs}
[root@node4 ~]# cp /etc/logstash/log4j2.properties /usr/share/logstash/config/
[root@node4 ~]# cp /etc/logstash/logstash.yml /usr/share/logstash/config/
[root@node4 ~]# ln -sv /usr/share/logstash/bin/logstash /usr/bin/logstash
‘/usr/bin/logstash’ -> ‘/usr/share/logstash/bin/logstash’
Startup test
[root@node4 ~]# logstash -e 'input { stdin {} } output { stdout {}}'
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2022-08-13T17:46:25,281][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-08-13T17:46:25,303][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.2.0"}
[2022-08-13T17:46:33,508][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge] A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2022-08-13T17:46:33,522][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>125, :thread=>"#<Thread:0x23cafa5d run>"}
[2022-08-13T17:46:33,650][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
[2022-08-13T17:46:33,725][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
The stdin plugin is now waiting for input:
[2022-08-13T17:46:34,252][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
##### Once the [INFO ] lines appear, type hello world
hello world
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"message" => "hello world",
"host" => "node3",
"@version" => "1",
"@timestamp" => 2022-08-13T09:46:42.307Z
}
#### Press Ctrl+C to exit
Send the strings typed on the screen to the Elasticsearch service
[root@node4 ~]# logstash -e 'input { stdin {} } output { elasticsearch { hosts=> ["192.168.43.111:9200", "192.168.43.112:9200", "192.168.43.113:9200"]}}'
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2022-08-13T17:56:27,892][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-08-13T17:56:27,918][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.2.0"}
[2022-08-13T17:56:36,192][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.43.111:9200/, http://192.168.43.1