匿名
未登录
登录
Linux78|wiki
搜索
查看“Filebeat安装配置”的源代码
来自Linux78|wiki
名字空间
页面
讨论
更多
更多
页面选项
查看
查看源代码
历史
←
Filebeat安装配置
因为以下原因,您没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
wiki:用户|用户
您可以查看与复制此页面的源代码。
1、安装filebeat # yum install filebeat-6.6.1-x86_64.rpm 2、配置filebeat收集系统日志输出到文件中(/etc/filebeat/filebeat.yml) filebeat.prospectors: - input_type: log paths: - /var/log/*.log - /var/log/messages exclude_lines: ["^DBG","^$"] document_type: system-log-5612 output.file: path: "/tmp" filename: "filebeat.txt" 3、启动filebeat服务 1 systemctl start filebeat 4、向系统(/var/log/messages)日志插入数据,然后通过查看filebeat.txt文件是是否收集到了数据。 5、配置filebeat收集系统日志输出到redis中(/etc/filebeat/filebeat.yml) # grep -v "#" /etc/filebeat/filebeat.yml | grep -v "^$" filebeat.prospectors: - input_type: log paths: - /var/log/*.log - /var/log/messages exclude_lines: ["^DBG","^$"] document_type: system-log-5612 output.redis: hosts: "192.168.56.12" db: "3" port: "6379" password: "123456" key: "system-log-5612" # systemctl restart filebeat # 向/var/log/messages中插入数据 # redis中验证数据是否存在 6、将redis中存放的系统日志输出到elasticsearch中 21 # cat redis-elasticsearch.conf input { redis { data_type => "list" host => "192.168.56.12" db => "3" port => "6379" password => "123456" key => "system-log-5612" } } output { elasticsearch { hosts => ["192.168.56.11:9200"] index => "system-log-5612-%{+YYYY.MM.dd}" } } # /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis-elasticsearch.conf -t # systemctl restart logstash 7、测试 1 2 # echo "aaaaaaaaaaaa" >> /var/log/messages # echo "bbbbbbbbbbbb" >> /var/log/messages 二、filebeat实验配置信息 环境信息: 服务器描述 IP地址 应用 web服务器 192.168.56.100 nginx、filebeat redis服务器 192.168.56.12 redis logstash服务器端 192.168.56.11 logstash elasticsearch服务集群 192.168.56.15/16 java、elasticsearch kibana服务器 192.168.56.12 kibana、nginx反向代理认证 1、filebeat配置文件,filebeat收集nginx日志并输出到redis数据库服务器 # grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$" filebeat.inputs: - type: log enabled: true paths: - /var/log/nginx/access.log filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: false setup.template.settings: index.number_of_shards: 3 setup.kibana: output.redis: hosts: ["192.168.56.12"] port: 6379 key: "nginx-log" 2、logstash server端配置文件,从redis中读取数据输出到elasticsearch服务中 # cat /etc/logstash/conf.d/redis-es-logstash-nginx.conf input { redis { data_type => "list" host => "192.168.56.12" db => "0" port => "6379" key => "nginx-log" } } output { elasticsearch { hosts => ["192.168.56.15:9200"] index => "nginx-log-%{+YYYY.MM.dd}" } } 3、kibana配置文件 # grep -Evi "^#|^$" /etc/kibana/kibana.yml server.port: 5601 server.host: "192.168.56.12" elasticsearch.hosts: ["http://192.168.56.15:9200","http://192.168.56.16:9200"] 4、nginx 反向代理kibana配置文件 # cat /etc/nginx/nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format access_log_json '{"user_ip":"$http_x_forwarded_for","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_rqp":"$request","http_code":"$status","body_bytes_sent":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}'; sendfile on; keepalive_timeout 65; include conf.d/*.conf; } # cat /etc/nginx/conf.d/http-www.conf server { listen 81; server_name localhost; auth_basic "User Authentication"; auth_basic_user_file /etc/nginx/conf.d/kibana.passwd; access_log /var/log/nginx/http-access.log access_log_json; location / { proxy_set_header Host $host; proxy_set_header x-for $remote_addr; proxy_set_header x-server $host; proxy_set_header x-agent $http_user_agent; proxy_pass http://kibana; } } # cat /etc/nginx/conf.d/upstream.conf upstream kibana { server 192.168.56.12:5601; } # cat /etc/nginx/conf.d/kibana.passwd admin:$apr1$21NJ.Fx/$gmT0bwS4GoW1gmsHDRq911 三、filebeat 收集多日志文件 # 1、filebeat收集nginx访问日志、系统日志,输出到redis服务器中。 # grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$" filebeat.inputs: - type: log enabled: true paths: - /var/log/nginx/access.log tags: ["nginx-log-56-100"] - type: log enabled: true paths: - /var/log/messages tags: ["system-messages-log-56-100"] filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: false setup.template.settings: index.number_of_shards: 3 setup.kibana: output.redis: hosts: ["192.168.56.12"] port: 6379 timeout: 5 key: "default_list" # 2、logstash服务端从redis数据库中读取数据并输出到Elasticsearch服务器中。 # cat redis-es-logstash-nginx.conf input { redis { data_type => "list" host => "192.168.56.12" db => "0" port => "6379" key => "default_list" } } output { if "nginx-log-56-100" in [tags] { elasticsearch { hosts => ["192.168.56.15:9200"] index => "nginx-log-56100-%{+YYYY.MM.dd}" } } if "system-messages-log-56-100" in [tags] { elasticsearch { hosts => ["192.168.56.15:9200"] index => "system-messages-log-56100-%{+YYYY.MM.dd}" } } } 四、filebeat 收集多日志文件(syslog、nginx、java 多行合并) # grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$" filebeat.inputs: - type: log enabled: true paths: - /var/log/nginx/access.log tags: ["nginx-log-56-100"] - type: log enabled: true paths: - /var/log/messages tags: ["system-messages-log-56-100"] - type: log enabled: true paths: - /data/tomcat/logs/catalina.out tags: ["tomcat-catalina-log-56-100"] multiline: pattern: '^\[' negate: true match: after filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: false setup.template.settings: index.number_of_shards: 3 setup.kibana: output.redis: hosts: ["192.168.56.12"] port: 6379 timeout: 5 key: "default_list" # cat redis-es-logstash-nginx-system-tomcat.conf input { redis { data_type => "list" host => "192.168.56.12" db => "0" port => "6379" key => "default_list" } } output { if "nginx-log-56-100" in [tags] { elasticsearch { hosts => ["192.168.56.15:9200"] index => "nginx-log-56100-%{+YYYY.MM.dd}" } } if "system-messages-log-56-100" in [tags] { elasticsearch { hosts => ["192.168.56.15:9200"] index => "system-messages-log-56100-%{+YYYY.MM.dd}" } } if "tomcat-catalina-log-56-100" in [tags] { elasticsearch { hosts => ["192.168.56.15:9200"] index => "tomcat-catalina-log-56100-%{+YYYY.MM.dd}" } } }
返回至
Filebeat安装配置
。
导航
导航
首页
最近更改
随机页面
栏目
Nginx
Kubernetes
Spring Cloud
Wiki工具
Wiki工具
特殊页面
页面工具
页面工具
用户页面工具
更多
链入页面
相关更改
页面信息
页面日志
