Collecting Tomcat access logs with Logstash

1. Configure Tomcat to write its access log in JSON format

# Comment out the original access log valve
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
<!--        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
-->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="tomcat_access_log" suffix=".log"
               pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>
[root@Docker ~]# /apps/tomcat/bin/startup.sh
[root@Docker ~]# cat /apps/tomcat/logs/tomcat_access_log2018-08-06.log 
{"clientip":"192.168.10.81","ClientUser":"-","authenticated":"-","AccessTime":"[06/Aug/2018:14:41:22 +0800]","method":"GET / HTTP/1.1","status":"200","SendBytes":"11418","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4094.1 Safari/537.36"}
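
The valve pattern builds JSON by string substitution, so a line is only as well formed as the values substituted into it. The following check is an added example, not part of the original post: it parses each line, verifies the ten keys from the pattern, and converts status and SendBytes to numbers. The TEMPLATE and SAMPLE lines are constructed test input.

```python
import json

# Keys produced by the AccessLogValve pattern shown above.
EXPECTED_KEYS = {"clientip", "ClientUser", "authenticated", "AccessTime", "method",
                 "status", "SendBytes", "Query?string", "partner", "AgentVersion"}

def check_line(line):
    """Return (event, None) for a usable line, or (None, reason) for a bad one."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, f"not valid JSON: {exc.msg} (column {exc.colno})"
    if not isinstance(event, dict):
        return None, "not a JSON object"
    missing, extra = EXPECTED_KEYS - set(event), set(event) - EXPECTED_KEYS
    if missing or extra:
        return None, f"missing={sorted(missing)} unexpected={sorted(extra)}"
    status, sent = str(event["status"]), str(event["SendBytes"])
    if not status.isdecimal():
        return None, f"status is not numeric: {status!r}"
    if sent != "-" and not sent.isdecimal():
        return None, f"SendBytes is not numeric: {sent!r}"
    # %b writes "-" when no body bytes were sent; store 0 so the field stays numeric.
    event["status"], event["SendBytes"] = int(status), 0 if sent == "-" else int(sent)
    return event, None

def check_log(lines):
    """Split lines into parsed events and (line_number, reason) rejects."""
    good, bad = [], []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        event, reason = check_line(line)
        if reason is None:
            good.append(event)
        else:
            bad.append((number, reason))
    return good, bad

# Constructed sample input: the page's pattern as a template, filled by plain substitution.
TEMPLATE = ('{{"clientip":"192.168.10.81","ClientUser":"-","authenticated":"-",'
            '"AccessTime":"[06/Aug/2018:14:41:22 +0800]","method":"GET / HTTP/1.1",'
            '"status":"{s}","SendBytes":"{b}","Query?string":"","partner":"-",'
            '"AgentVersion":"{ua}"}}')
SAMPLE = [TEMPLATE.format(s="200", b="11418", ua="Mozilla/5.0"),
          TEMPLATE.format(s="304", b="-", ua="Mozilla/5.0"),
          TEMPLATE.format(s="200", b="11418", ua='agent "quoted"')]  # raw quote breaks the JSON

if __name__ == "__main__":
    good, bad = check_log(SAMPLE)
    print(f"{len(good)} usable lines, rejected: {bad}")
```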

2. Write the Logstash configuration file

[root@Docker ~]# cat /etc/logstash/conf.d/tomcat.conf 
input {
    file {
      path => "/apps/tomcat/logs/tomcat_access_log*.log"
      type => "tomcat-access-log-ceshi"
      start_position => "beginning"
      stat_interval => "2"
      # Parse each line as JSON so the keys from the valve pattern become event fields
      codec => "json"
    }
}
output {
    elasticsearch {
      hosts => ["192.168.10.10:9200"]
      index => "logstash-tomcat-access-log-ceshi-%{+YYYY.MM.dd}"
    }
}

3. Check

posted @ 2018-08-06 17:07  闫世成