ELK学习实验016:filebeat收集tomcat日志

时间:2021-02-24 16:01:07

filebeat收集tomcat日志

1 安装tomcat

[root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc

[root@node4 ~]# systemctl start tomcat

[root@node4 ~]# systemctl status tomcat

ELK学习实验016:filebeat收集tomcat日志

[root@node4 ~]# netstat -ntlp|grep 8080

ELK学习实验016:filebeat收集tomcat日志

2 访问生成日志

访问http://192.168.132.134:8080/

ELK学习实验016:filebeat收集tomcat日志

点击页面,就可以产生日志

[root@node4 ~]#  tail  -f /var/log/tomcat/localhost_access_log.2020-01-19.txt

ELK学习实验016:filebeat收集tomcat日志

3 转换日志格式

把tomcat日志转换成json格式

[root@node4 ~]# vim /etc/tomcat/server.xml

原格式

ELK学习实验016:filebeat收集tomcat日志

修改:

<Host name="localhost"  appBase="webapps"
unpackWARs="true" autoDeploy="true"> <!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
--> <!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="{&quot;client&quot;:&quot;%h&quot;, &quot;client user&quot;:&quot;%l&quot;, &quot;authenticated&quot;:&quot;%u&quot;, &quot;access time&quot;:&quot;%t&quot;, &quot;method&quot;:&quot;%r&quot;, &quot;status&quot;:&quot;%s&quot;, &quot;send bytes&quot;:&quot;%b&quot;, &quot;Query?string&quot;:&quot;%q&quot;, &quot;partner&quot;:&quot;%{Referer}i&quot;, &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>
</Host>

重启

[root@node4 ~]# > /var/log/tomcat/localhost_access_log.2020-01-19.txt

[root@node4 ~]# systemctl restart tomcat

4 查看日志

[root@node4 ~]# tail -f /var/log/tomcat/localhost_access_log.2020-01-19.txt|jq .

ELK学习实验016:filebeat收集tomcat日志

5 filebeat收集日志

配置filebeat收集

filebeat.inputs:
#####################################################
## Nginx log
#####################################################
- type: log
enabled: true
paths:
- /usr/local/nginx/logs/access.log
json.key_under_root: true
json.overwrite_keys: true
tags: ["access"] - type: log
enabled: true
paths:
- /usr/local/nginx/logs/error.log
tags: ["error"] #####################################################
## tomcat log
#####################################################
- type: log
enabled: true
paths:
- /var/log/tomcat/localhost_access_log.*.txt
json.key_under_root: true
json.overwrite_keys: true
tags: ["tomcat"] #####################################################
## Output
#####################################################
setup.kibana:
host: "192.168.132.131:5601"
output.elasticsearch:
hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
#index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"
indices:
- index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
tags: "access"
- index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
tags: "error"
- index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
tags: "tomcat"

[root@node4 ~]# systemctl restart filebeat

ELK学习实验016:filebeat收集tomcat日志

已经配置成功

6 日志收集查看

详细日志

{
"_index": "tomcat-access-7.4.2-2020.01.19",
"_type": "_doc",
"_id": "HFExvW8BOF7DoSFdom7C",
"_version": 1,
"_score": 1,
"_source": {
"@timestamp": "2020-01-19T09:45:42.999Z",
"log": {
"offset": 412,
"file": {
"path": "/var/log/tomcat/localhost_access_log.2020-01-19.txt"
}
},
"json": {
"access time": "[19/Jan/2020:04:35:49 -0500]",
"send bytes": "945945",
"Query?string": "",
"Agent version": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
"authenticated": "-",
"partner": "http://192.168.132.134:8080/",
"client user": "-",
"method": "GET /docs/changelog.html HTTP/1.1",
"client": "192.168.132.1",
"status": "200"
},
"tags": [
"tomcat"
],
"input": {
"type": "log"
},
"host": {
"name": "node4"
},
"agent": {
"hostname": "node4",
"id": "bb3818f9-66e2-4eb2-8f0c-3f35b543e025",
"version": "7.4.2",
"type": "filebeat",
"ephemeral_id": "72970b03-e7a4-4529-b9ec-8134e563d395"
},
"ecs": {
"version": "1.1.0"
}
}
}

kibana查看

ELK学习实验016:filebeat收集tomcat日志

tomcat日志收集完成