|
|
前言
ELKstack抓取分析应用日志的前提是开发要将日志的输出格式改成json格式,否则产出的日志很难进行分析。
主要流程: tomcat通过log4j输出日志--> logstash接收数据并发送到redis --> logstash从redis获取数据并写入es
tomcat怎样输出应用日志?
tomcat7.0配置log4j日志
详细文档http://tomcat.apache.org/tomcat-7.0-doc/logging.html
一、创建log4j.properties文件
在$CATALINA_BASE/lib文件夹下,新建log4j.properties文件,内容如下
log4j.rootLogger = INFO, CATALINA
# Define all the appenders
log4j.appender.CATALINA = org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina
log4j.appender.CATALINA.Append = true
log4j.appender.CATALINA.Encoding = UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.LOCALHOST = org.apache.log4j.DailyRollingFileAppender
log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost
log4j.appender.LOCALHOST.Append = true
log4j.appender.LOCALHOST.Encoding = UTF-8
log4j.appender.LOCALHOST.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.MANAGER = org.apache.log4j.DailyRollingFileAppender
log4j.appender.MANAGER.File = ${catalina.base}/logs/manager
log4j.appender.MANAGER.Append = true
log4j.appender.MANAGER.Encoding = UTF-8
log4j.appender.MANAGER.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.HOST-MANAGER = org.apache.log4j.DailyRollingFileAppender
log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager
log4j.appender.HOST-MANAGER.Append = true
log4j.appender.HOST-MANAGER.Encoding = UTF-8
log4j.appender.HOST-MANAGER.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Encoding = UTF-8
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
# Configure which loggers log to which appenders
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost] = INFO, LOCALHOST
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] =\
INFO, MANAGER
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager] =\
INFO, HOST-MANAGER二、下载jar包
(一)log4j.jar(1.2.x版本)
http://mvnrepository.com/artifact/log4j/log4j/1.2.17
(二)tomcat-juli.jar、tomcat-juli-adapters.jar
http://tomcat.apache.org/download-70.cgi
注意:下载时一定要下载"extras"的包,它与自带的包有区别,官方说明:
This tomcat-juli.jar differs from the default one. It contains the full Apache Commons Logging implementation and thus is able to discover the presence of log4j and configure itself.
三、替换jar包
将log4j.jar、tomcat-juli-adapters.jar放入$CATALINA_BASE/lib目录
将下载的tomcat-juli.jar替换$CATALINA_HOME/bin目录下的tomcat-juli.jar
注意:两个包放置的位置是不同的
四、删除logging.properties
删除tomcat默认的日志文件$CATALINA_BASE/conf/logging.properties文件
五、启动tomcat
启动后在$CATALINA_BASE/logs目录下就能看到log4j输出的日志
开发自定义应用日志输出
一般开发java程序,运行tomcat在应用上,日志格式定义普遍放在工程下:WEB-INF/class 目录下,一般都叫做log4j.properties
作者使用的logstash版本为2.3 ,属于最新版,如果小伙伴借鉴时出现异常,可以看下版本,对比官方文档。
让开发在log4j.properties中做以下更改就可:
#log4j.rootLogger = [ level ] , appenderName, appenderName, ...
log4j.rootLogger = info,console,infoR,errorR,logstash
#branch logger
log4j.logger.org.springframework=WARN
#log4j.logPath
log4j.logPath=/opt/tomcat_xxxxxweb/log
#console
log4j.appender.console = org.apache.log4j.ConsoleAppender
log4j.appender.console.layout = org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern = [%p] %d{yyyy-MM-dd HH:mm:ss} [%l] %m%n
#infoR
log4j.appender.infoR = org.apache.log4j.DailyRollingFileAppender
log4j.appender.infoR.File =${log4j.logPath}/XXXXXX.log
log4j.appender.infoR.layout = org.apache.log4j.PatternLayout
log4j.appender.infoR.layout.ConversionPattern=[%p] %d{yyyy-MM-dd HH:mm:ss} [%l] %m%n
log4j.appender.infoR.datePattern='.'yyyyMMdd'.log'
log4j.appender.infoR.Threshold = INFO
#errorR
log4j.appender.errorR = org.apache.log4j.DailyRollingFileAppender
log4j.appender.errorR.File =${log4j.logPath}/XXXXXError.log
log4j.appender.errorR.layout = org.apache.log4j.PatternLayout
log4j.appender.errorR.layout.ConversionPattern=[%p] %d{yyyy-MM-dd HH:mm:ss} [%l] %m%n
log4j.appender.errorR.datePattern='.'yyyyMMdd'.log'
log4j.appender.errorR.Threshold = ERROR
#logstash
log4j.appender.logstash=org.apache.log4j.net.SocketAppender
log4j.appender.logstash.Port=12201
log4j.appender.logstash.RemoteHost=sz-a-xxxxxlogstash01-logstash-xen.xxxxx.com
log4j.appender.logstash.ReconnectionDelay=60000
log4j.appender.logstash.LocationInfo=true
log4j.appender.logstash.Threshold = INFOlogstash如何接受log4j日志并写入redis?
此处将不再介绍logstash的安装,建议使用yum安装管理,使用起来比较方便。
可以将logstash配置文件放入/etc/logstash/conf.d 内
logstash配置文件展示:
input {
tcp {
port => "11011"
type => "syslog"
}
log4j {
type => "log4j-json-web"
port=>12202
}
log4j {
type => "log4j-json-tomcat"
port=>12201
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
}
}
if [type] == "log4j-json-web" {
json {
source => "message"
}
}
}
output {
if [type] == "syslog" {
redis {
host => "sz-a-xxxxxredis01-redis-xen.xxxxx.com"
data_type => "list"
key => "logstash:syslog-log"
}
}
if [type] == "log4j-json-web" {
redis {
host => "sz-a-xxxxxredis01-redis-xen.xxxxx.com"
data_type => "list"
key => "logstash:xxxxxweb-web-log"
}
}
if [type] == "log4j-json-tomcat" {
redis {
host => "sz-a-xxxxxredis01-redis-xen.xxxxx.com"
data_type => "list"
key => "logstash:xxxxxweb-tomcat-log"
}
}
}
一个logstash进程可以有多个input输入,然后为每个输入设置type属性,此时需要注意!!日志中不要出现type字段,不然是大坑!!!!
ouput可以通过if语句判断input来源并输出到不同的地方
redis使用list模式来存储数据,这样就起到缓存的作用,一入一出,不会撑爆redis
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-12-2 07:56:43
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡