ELK in Detail: Tomcat Logs

Lab environment

192.168.170.8  node1 kibana
192.168.170.9  node2 els
192.168.170.10 node3 logstash1
192.168.170.11 node4 redis
192.168.170.12 node5 logstash2
192.168.170.22 node6 haproxy+web

Make sure that every host's hostname can be resolved, that NTP time is synchronized, and that SELinux and the firewall are disabled.

Deploying Tomcat

1. Install Java

[root@node6 ~]# rpm -ivh jdk-8u131-linux-x64.rpm

2. Deploy Tomcat

[root@node6 ~]# wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.38/bin/apache-tomcat-8.0.38.tar.gz
[root@node6 ~]# mkdir /apps && cd /apps
[root@node6 apps]# tar xvf ~/apache-tomcat-8.0.38.tar.gz
[root@node6 apps]# ln -sv /apps/apache-tomcat-8.0.38/ /apps/tomcat
[root@node6 apps]# mkdir /apps/tomcat/webapps/tomcatweb
[root@node6 apps]# echo "Tomcat Web Page" > /apps/tomcat/webapps/tomcatweb/index.html

3. Start and stop Tomcat

[root@node6 conf]# /apps/tomcat/bin/catalina.sh start
[root@node6 conf]# /apps/tomcat/bin/catalina.sh stop

Test the Tomcat page

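Convert the Tomcat log to JSON format (inside the XML attribute, the double quotes of the JSON are written as &quot;):

[root@node6 conf]# vim /apps/tomcat/conf/server.xml
pattern="{&quot;client&quot;:&quot;%h&quot;,  &quot;client user&quot;:&quot;%l&quot;,   &quot;authenticated&quot;:&quot;%u&quot;,   &quot;access time&quot;:&quot;%t&quot;,     &quot;method&quot;:&quot;%r&quot;,   &quot;status&quot;:&quot;%s&quot;,  &quot;send bytes&quot;:&quot;%b&quot;,  &quot;Query?string&quot;:&quot;%q&quot;,  &quot;partner&quot;:&quot;%{Referer}i&quot;,  &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>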

2. Restart Tomcat:

[root@node6 conf]# /apps/tomcat/bin/catalina.sh stop
[root@node6 conf]# rm -rf /apps/tomcat/logs/*
[root@node6 conf]# /apps/tomcat/bin/catalina.sh start

Check Tomcat's startup status in its log

[root@node6 conf]# tail -f /apps/tomcat/logs/catalina.out 

Access the page from a client with curl

[root@node5 ~]# curl http://192.168.170.22:8080/tomcatweb/index.html
Tomcat Web Page

Verify that the Tomcat log is written as JSON

[root@node6 conf]# tail -f /apps/tomcat/logs/tomcat_access_log.2019-04-16.log 
{"client":"172.17.1.116",  "client user":"-",   "authenticated":"-",   "access time":"[16/Apr/2019:16:29:53 +0800]",     "method":"GET /favicon.ico HTTP/1.1",   "status":"200",  "send bytes":"21630",  "Query?string":"",  "partner":"http://192.168.170.22:8080/tomcatweb/",  "Agent version":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3724.8 Safari/537.36"}
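
A check that could be run at this verification step, as an added example that is not part of the original post: it parses each access-log line as JSON and reports lines that fail to parse, repeat a key, or do not carry exactly the keys of the pattern above. A logged value that contains an unescaped double quote is one way a line ends up in the first two groups (the request line and the User-Agent header are supplied by the client). The function names and the sample lines are constructed for illustration.

```python
import json

# Keys defined by the access-log pattern in server.xml on this page.
EXPECTED_KEYS = ("client", "client user", "authenticated", "access time", "method",
                 "status", "send bytes", "Query?string", "partner", "Agent version")

class Pairs(list):
    """A JSON object kept as (key, value) pairs so duplicate keys stay visible."""

def check_line(line):
    """Return a list of problems for one access-log line (empty list = OK)."""
    try:
        obj = json.loads(line, object_pairs_hook=Pairs)
    except json.JSONDecodeError as exc:
        return ["invalid JSON at column %d: %s" % (exc.colno, exc.msg)]
    if not isinstance(obj, Pairs):
        return ["top-level value is not a JSON object"]
    keys = [k for k, _ in obj]
    problems = []
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    missing = [k for k in EXPECTED_KEYS if k not in keys]
    extra = sorted({k for k in keys if k not in EXPECTED_KEYS})
    for label, found in (("duplicate", dupes), ("missing", missing), ("unexpected", extra)):
        if found:
            problems.append("%s keys: %s" % (label, ", ".join(found)))
    status = dict(obj).get("status")  # on a duplicate, the last value wins
    if not (isinstance(status, str) and len(status) == 3 and status.isdigit()):
        problems.append("status is not a 3-digit string: %r" % (status,))
    return problems

def check_lines(lines):
    """Map 1-based line numbers to their problems; clean lines are omitted."""
    checked = ((n, check_line(l)) for n, l in enumerate(lines, 1) if l.strip())
    return {n: problems for n, problems in checked if problems}

# Constructed sample lines (not from a real server), in the page's log format.
GOOD = ('{"client":"192.168.170.12", "client user":"-", "authenticated":"-", '
        '"access time":"[16/Apr/2019:16:29:53 +0800]", '
        '"method":"GET /tomcatweb/index.html HTTP/1.1", "status":"200", '
        '"send bytes":"16", "Query?string":"", "partner":"-", '
        '"Agent version":"curl/7.29.0"}')
SAMPLE = [GOOD,
          GOOD.replace("curl/7.29.0", 'demo "quoted" agent'),  # unescaped quotes
          GOOD.replace('"}', '", "status":"404"}')]            # repeated key

if __name__ == "__main__":
    for number, problems in check_lines(SAMPLE).items():
        print(number, problems)
```

To check a real file, pass the open log file to check_lines, for example open("/apps/tomcat/logs/tomcat_access_log.2019-04-16.log").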

Configure filebeat to collect the Tomcat log:

[root@node6 conf]# vi /etc/filebeat/filebeat.yml
- input_type: log
  paths:
    - /apps/tomcat/logs/tomcat_access_log.*.log
  document_type: tomcat-accesslog-0022

Restart filebeat and check its status

[root@node6 conf]# systemctl restart  filebeat
[root@node6 conf]# systemctl status filebeat

Configure logstash2 to collect the Tomcat log and pass it to redis

[root@node5 conf.d]# vim /etc/logstash/conf.d/filebeats.conf # add the following
if [type] == "tomcat-accesslog-0022" {
    redis {
        data_type => "list"
        host => "192.168.170.11"
        port => "6379"
        key => "tomcat-accesslog-0022"
        db => "9"
        password => "123456"
        codec => "json"
    }
}

Restart logstash and check the restart status in its log

[root@node5 conf.d]# systemctl restart logstash
[root@node5 conf.d]# tail -f /var/log/logstash/logstash-plain.log

Load-test the Tomcat page from a client

[root@node6 ~]# ab -n100 -c10 http://192.168.170.22:8080/tomcatweb/

Verify that data has arrived in redis

[root@node4 ~]# redis-cli -h 192.168.170.11 -a 123456
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
192.168.170.11:6379> select 9
OK
192.168.170.11:6379[9]> keys *
1) "tomcat-accesslog-0022"
192.168.170.11:6379[9]> keys *
1) "tomcat-accesslog-0022"
192.168.170.11:6379[9]> 

Configure logstash1 to read from redis and write to elasticsearch

[root@node3 ~]# vi  /etc/logstash/conf.d/redis-els.conf  # add the following
input {
	redis {
		data_type => "list"
		host => "192.168.170.11"
		port => "6379"
		key => "tomcat-accesslog-0022"
		db => "9"
		password => "123456"
		codec => "json"
	}
}
output {
	if [type] == "tomcat-accesslog-0022" {
		elasticsearch {
			hosts => ["192.168.170.9:9200"]
			index => "tomcat-accesslog-0022-%{+YYYY.MM.dd}"
		}
	}
}

Restart the logstash service:

[root@node3 conf.d]# systemctl restart logstash
[root@node3 conf.d]# tail -f /var/log/logstash/logstash-plain.log

Load-test Tomcat and verify the logs

[root@node6 ~]# ab -n100 -c10 http://192.168.170.22:8080/tomcatweb/

Add the Tomcat access log to kibana and verify

Reposted from blog.csdn.net/qq_22193519/article/details/89421653