ELK收集tomcat状态日志
2023-09-11 14:18:55 时间
1、先查看之前的状态日志输出格式:在logs/catalina.out这个文件中
最上面的日志格式我们可能不太习惯使用,所以能输出下面的格式是最好的,当然需要我们自定义日志格式,接下来看看如何修改
2、打开conf/loggind.proterties这个文件,按照如下所示修改
在此文件中添加如下内容
1catalina.org.apache.juli.AsyncFileHandler.formatter = java.util.logging.SimpleFormatter java.util.logging.SimpleFormatter.format = %1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS.%1$tL [%4$s] [%3$s] %2$s %5$s %6$s%n
同时删除此行内容
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
3、保存之后重启tomcat我们就可以在logs目录下的catalina.out日志文件中看到上面的比较友好的格式了。比如第一张图的第二个方框所示。
4、编写配置文件
input{ redis { host =>"172.16.0.54" port => 6379 data_type => "list" db => "5" password => "123456" key => "tomcat_accessstatus_filter_index" codec => "json" add_field => { "[@metadata][mytomcat]" => "tomcat_accessstatus_filter_log" } } } filter{ # if [fields][log_topic] == "tomcatlogs_catalina" { # mutate { # add_field => [ "[zabbix_key]", "tomcatlogs_catalina" ] # add_field => [ "[zabbix_host]", "%{[host][name]}" ] # } grok { match => { "message" => "%{TIMESTAMP_ISO8601:access_time}\s+\[(?<loglevel>[\s\S]*)\]\s+\[%{DATA:exception_info}\](?<tomcatcontent>[\s\S]*)" } } date { match => [ "access_time","MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601"] } mutate { remove_field => "@version" remove_field => "message" #remove_field => "[fields][log_topic]" #remove_field => "fields" remove_field => "access_time" } } output{ stdout{} }
接下来输入一些内容,你就能看到效果了
比如,输入如下内容:
2019-03-19 13:08:07.782 [INFO] [org.apache.coyote.ajp.AjpNioProtocol] org.apache.coyote.AbstractProtocol destroy Destroying ProtocolHandler ["ajp-nio-8009"]
看到下面的效果
{ "@timestamp" => 2019-03-19T05:08:07.782Z, "source" => "/usr/local/tomcat/logs/catalina.out", "input" => { "type" => "log" }, "beat" => { "hostname" => "ELK-chaofeng07", "version" => "6.5.2", "name" => "ELK-chaofeng07" }, "offset" => 27466, "exception_info" => "org.apache.coyote.ajp.AjpNioProtocol", "host" => { "id" => "95f33c1568b94503946976569d36ad32", "os" => { "family" => "redhat", "codename" => "Core", "platform" => "centos", "version" => "7 (Core)" }, "containerized" => true, "name" => "ELK-chaofeng07", "architecture" => "x86_64" }, "loglevel" => "INFO", "prospector" => { "type" => "log" }, "tomcatcontent" => " org.apache.coyote.AbstractProtocol destroy Destroying ProtocolHandler [\"ajp-nio-8009\"] " }
这里我只是演示了logstash的输出而已,至于输出到ES集群是比较好配置的。这里不再详述
相关文章
- spring boot tomcat 打本地包成war,通过Tomcat启动时出现问题: ZipException: error in opening zip file
- IDEA中Tomcat在控制台乱码问题以及IDEA编码设置UTF-8
- tomcat在开发过程中使用ip地址无法访问的问题
- Eclipse TOMCAT 插件:Sysdeo Tomcat Launcher Plugin
- 用saltapi远程操作tomcat启停时,输出日志乱码再解决
- tomcat启动时间修改
- Tomcat控制台日志输出到文件
- tomcat性能优化调整
- ELK详解(十)——Logstash收集Tomcat日志实战
- 【手写Tomcat】1.流程梳理
- Tomcat调优总结
- 005-tomcat日志体系
- java-信息安全(十四)-https003-综合https、以及tomcat导入证书
- tomcat Context容器(中):Tomcat如何隔离Web应用?
- tomcat升级版本为8.5.68后.启动报错: java.lang.IllegalArgumentException: AJP连接器配置secretRequired=“true”
- Tomcat日志切割工具 logrotate
- 部署Tomcat及其负载均衡