概述
1.安装Nginx
yum -y install nginx
vim /etc/nginx/nginx.conf
# 修改日志格式为json格式,并创建一个nginxweb的网站目录
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"status":"$status"}';
access_log
/var/log/nginx/access.log
access_json;
vim /etc/nginx/conf.d/nginxweb.conf
server {
listen
80;
server_name
10.0.0.22;
location /nginxweb {
root html;
index index.html index.htm;
}
error_page
404
/404.html;
error_page
500 502 503 504
/50x.html;
location = /50x.html {
root
/usr/share/nginx/html;
}
}
mkdir /usr/share/nginx/html/nginxweb
echo "<h1> welcome to use Nginx" </h1> /usr/share/nginx/html/nginxweb/index.html
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
systemctl start nginx
# 访问http://10.0.0.22/nginxweb/时一直报404,查了一下,发现/etc/nginx/下没有静态文件
ln -s /usr/share/nginx/html/ /etc/nginx/
2.配置logstash
vim /etc/logstash/conf.d/nginx-accesslog.conf
input{
file {
path => "/var/log/nginx/access.log"
type => "nginx-access-log"
start_position => "beginning"
stat_interval => "2"
}
}
output{
elasticsearch {
hosts => ["10.0.0.22:9200"]
index => "logstash-nginx-access-log-%{+YYYY.MM.dd}"
}
}
systemctl restart logstash
# 压力测试
yum -y install httpd-tools
ab -n 800 -c 100
http://10.0.0.22/nginxweb/index.html
-n:requests Number of requests to perform 要执行的请求数
-c:Concurrency 并发
nginx属于 adm 组,使用 logstash 读取日志,可能产生权限异常
usermod -G adm logstash
在elasticsearch-head页面查看日志时,点击A-index,再点击B-index时,会把A-index的所有内容与B-index相合并,再点一下A-index,就只剩B-index的内容了.
3.安装tomcat
wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.37/bin/apache-tomcat-8.5.37.tar.gz
tar xf apache-tomcat-8.5.37.tar.gz
ln -s /usr/local/src/apache-tomcat-8.5.37 /usr/local/src/apache-tomcat
cd /usr/local/src/apache-tomcat/webapps/
mkdir webpage
echo "this is tomcat web page" > webpage/index.html
../bin/catalina.sh start
# 访问http://10.0.0.22:8080/webpage/index.html
cd ..
tail logs/localhost_access_log.2019-02-06.txt
10.0.0.1 - - [06/Feb/2019:01:34:30 +0800] "GET /webpage/index.html HTTP/1.1" 200 24
10.0.0.1 - - [06/Feb/2019:01:34:31 +0800] "GET /favicon.ico HTTP/1.1" 200 21630
cd conf/
cp server.xml{,.bak}
vim server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="tomcat_access_log" suffix=".log"
pattern="{"clientip":"%h","ClientUser":"%l",
"authenticated":"%u","AccessTime":"%t",
"method":"%r","status":"%s",
"SendBytes":"%b","Query?string":"%q",
"partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"}"/>
cd ..
rm -rf logs/*
./bin/catalina.sh stop
./bin/catalina.sh start
tail logs/tomcat_access_log.2019-02-06.log
vim /etc/logstash/conf.d/tomcat_accesslog.conf
input {
file {
path => "/usr/local/src/apache-tomcat/logs/tomcat_access_log.*.log"
type => "tomcat-access"
start_position => "beginning"
stat_interval => "2"
}
}
output {
if [type] == "tomcat-access" {
elasticsearch {
hosts => ["10.0.0.22:9200"]
index => "logstash-tomcat1022-access-%{+YYYY.MM.dd}"
}
}
}
systemctl restart logstash
# 无法出现tomcat的数据索引,权限有问题
cd /usr/local/src/apache-tomcat/
chmod 755 logs/
chmod 666 tomcat_access_log.2019-02-06.log
权限改成644都不行
Nginx的json格式日志收集:http://blog.51cto.com/jinlong/2055173
Tomcat的json格式日志收集:http://blog.51cto.com/jinlong/2055379
转载于:https://www.cnblogs.com/fawaikuangtu123/p/7910569.html
最后
以上就是调皮冬瓜为你收集整理的ELK之收集Nginx、Tomcat的json格式日志的全部内容,希望文章能够帮你解决ELK之收集Nginx、Tomcat的json格式日志所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复