原文連結:https://www.cpweb.top/1245 |
---|
修改tomcat日志格式:
[[email protected] ~]# vim /etc/tomcat/server.xml
......
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="{"clientip":"%h","ClientUser":"%l","authenticated":"%u","AccessTime":"%t","method":"%r","status":"%s","SendBytes":"%b","Query?string":"%q","partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"}"/>
......
測試檢視日志:
[[email protected] ~]# systemctl restart tomcat
[[email protected] ~]# curl 10.0.0.8:8080
[[email protected] ~]# tail -n2 /var/log/tomcat/localhost_access_log.2020-12-11.txt
10.0.0.8 - - [11/Dec/2020:17:27:34 +0800] "GET / HTTP/1.1" 200 5
{"clientip":"10.0.0.8","ClientUser":"-","authenticated":"-","AccessTime":"[11/Dec/2020:17:39:20 +0800]","method":"GET / HTTP/1.1","status":"200","SendBytes":"5","Query?string":"","partner":"-","AgentVersion":"curl/7.29.0"}
logstash收集:
[[email protected] conf.d]# vim tomcat_es.yml
input {
file {
path => "/var/log/tomcat/localhost_access_log.2020-12-11.txt "
start_position => "end"
type => "tomcat_access"
codec => json
}
}
output {
elasticsearch {
hosts => "10.0.0.5:9200"
index => "tomcat_access-%{+YYYY.MM.dd}"
}
}
[[email protected] logstash]# logstash -f tomcat_es.yml -t
[[email protected] logstash]# logstash -f tomcat_es.yml &
使用Kibana檢視Elasticsearch索引是否建立成功:
![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLicmbw5SMmNDNjR2M5cDOzQ2M2YDZ5czYiRzY1QGMhZDNiFzY58CX0JXZ252bj91Ztl2Lc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
将索引添加到Kibana中展示檢視: