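Collecting logs with Logstash
1. Depends on a Java runtime; as a log collector it is heavyweight and consumes a lot of memory and CPU
2. Filebeat is comparatively lightweight and uses few server resources
3. Filebeat is generally chosen for log collection
Installing Filebeat
4. Download the binary package
5. Extract it and move it to the target directory, /usr/local/, to complete the installation
Binary installation of Filebeat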
tar xvf filebeat-6.6.0-linux-x86_64.tar.gz -C /usr/local
mv /usr/local/filebeat-6.6.0-linux-x86_64 /usr/local/filebeat-6.6.0
Deployment overview
6. 192.168.10.11 Kibana ES
7. 192.168.10.12 Filebeat
Configuring Filebeat to send logs to ES: /usr/local/filebeat-6.6.0/filebeat.yml
[root@server12 ~]# mv /usr/local/filebeat-6.6.0/filebeat.yml /usr/local/filebeat-6.6.0/filebeat.yml.bak
[root@server12 ~]# vim /usr/local/filebeat-6.6.0/filebeat.yml
filebeat.inputs:
- type: log
  tail_files: true
  backoff: "1s"
  paths:
    - /usr/local/nginx/logs/access.log
output:
  elasticsearch:
    hosts: ["192.168.10.11:9200"]
Starting Filebeat
8. Foreground: /usr/local/filebeat-6.6.0/filebeat -e -c /usr/local/filebeat-6.6.0/filebeat.yml
9. Background: nohup /usr/local/filebeat-6.6.0/filebeat -e -c /usr/local/filebeat-6.6.0/filebeat.yml >/tmp/filebeat.log 2>&1 &
Viewing the log data in Kibana
[root@server12 ~]# tail -f /usr/local/nginx/logs/access.log
192.168.10.1 - - [13/Mar/2022:12:09:42 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
192.168.10.1 - - [13/Mar/2022:12:10:36 +0800] "GET /test HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
192.168.10.1 - - [13/Mar/2022:12:12:54 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
GET /_cat/indices?v
10. GET /xxx/_search?q=
GET /filebeat-6.6.0-2022.03.13/_search?q=
- Create the index and observe
Filebeat -> ES -> Kibana
12. Suitable for viewing logs
13. Not suitable for detailed analysis of the logs
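With the filebeat.yml above, each access.log line reaches ES as one unparsed message string, so fields such as the status code cannot be aggregated. The following is an added example, not part of the original notes: it parses nginx combined-format lines into typed fields and counts them. The regex, the function names and the shortened user-agent strings are assumptions of this example.

```python
import re
from collections import Counter

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<remote_addr>\S+) \S+ (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"'
)

# The first three lines follow the access.log excerpt on this page (user agent
# shortened); the last line is constructed to show a line that does not parse.
SAMPLE = [
    '192.168.10.1 - - [13/Mar/2022:12:09:42 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0"',
    '192.168.10.1 - - [13/Mar/2022:12:10:36 +0800] "GET /test HTTP/1.1" 404 571 "-" "Mozilla/5.0"',
    '192.168.10.1 - - [13/Mar/2022:12:12:54 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0"',
    'GET /broken line with no combined-format fields',
]

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not combined format."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    event["body_bytes_sent"] = int(event["body_bytes_sent"])
    # The request is "METHOD PATH PROTOCOL"; malformed requests are logged verbatim.
    parts = event["request"].split(" ")
    method, path, protocol = parts if len(parts) == 3 else (None, None, None)
    event.update(method=method, path=path, protocol=protocol)
    return event

def summarize(lines):
    """Count responses per status, error responses per path, and keep unparsed lines."""
    by_status, error_paths, rejected = Counter(), Counter(), []
    for line in lines:
        event = parse_line(line)
        if event is None:
            rejected.append(line)
            continue
        by_status[event["status"]] += 1
        if event["status"] >= 400:
            error_paths[event["path"]] += 1
    return by_status, error_paths, rejected

if __name__ == "__main__":
    by_status, error_paths, rejected = summarize(SAMPLE)
    print(dict(by_status), dict(error_paths), len(rejected))
```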