ELK: collecting logs through a message queue

1. ELK Stack overview

Elasticsearch: storage and search
Logstash: collection
Kibana: presentation; a visualisation platform built specifically for ES

2. ELK: collecting logs through a message queue

1) Environment

IP			Hostname		OS
192.168.56.11		linux-node1		CentOS 7
192.168.56.12		linux-node2		CentOS 7

2) Data flow

logs --> logstash (or flume) --> MQ (redis, rabbitmq) --> logstash (or python scripts) --> es
Reference: Logstash input plugins
https://www.elastic.co/guide/en/logstash/current/input-plugins.html

[Flow diagram: image not preserved]

3. Installing and configuring Redis

1) Install Redis

Either compile from source or install with yum; here we use yum.

Run the following on 192.168.56.12:
yum -y install redis

2) Configure Redis

Edit the Redis configuration file; two settings need to change:

vim /etc/redis.conf

daemonize yes              # run in the background as a daemon
bind 192.168.56.12         # listen on the LAN address so linux-node1 can reach it

Save and exit.

Note that with this configuration Redis is reachable from every host on the 192.168.56.0/24 network and accepts commands without authentication: anyone who can reach TCP/6379 can read the queued logs, push forged events onto the lists, or delete them (DEL, FLUSHDB). For anything beyond a lab, also set `requirepass` in redis.conf, set the matching `password` option in the Logstash redis input and output blocks, and restrict port 6379 with a firewall to the Logstash hosts.

3) Start Redis and test the connection

Start Redis:
systemctl start redis
Test the connection:
[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -p 6379
192.168.56.12:6379>

4. Walking through log collection via Redis

1) Write data into Redis

On 192.168.56.12, create the redis.conf pipeline below, which takes events from standard input and writes them to Redis:

[root@linux-node2 ~]# cat /etc/logstash/conf.d/redis.conf 
input{
    stdin{}
}

output{
    redis{
	host => "192.168.56.12"          # redis host
	port => "6379"                   # redis default port
	db => "6"                        # redis defaults to db 0; we write to db 6
	data_type => "list"              # use a list as the queue data type
	key => "demo"                    # list key the events are pushed to
    }
}

Start Logstash and type a line to verify:

[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f redis.conf 
Settings: Default pipeline workers: 1
Pipeline main started
papapapa

Connect to Redis, select the db and check that the data was written:

[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -p 6379
192.168.56.12:6379> select 6
OK
192.168.56.12:6379[6]> keys *
1) "demo"
192.168.56.12:6379[6]> llen demo
(integer) 1
192.168.56.12:6379[6]> lindex demo -1
"{\"message\":\"papapapa\",\"@version\":\"1\",\"@timestamp\":\"2016-09-04T08:08:11.998Z\",\"host\":\"linux-node2\"}"
192.168.56.12:6379[6]>

The event was written to Redis as a JSON document (message, @version, @timestamp, host).

2) Read logs from files and write them to Redis

On 192.168.56.11, create /etc/logstash/conf.d/apache.conf:

[root@linux-node1 /var/log/httpd]# vim /etc/logstash/conf.d/apache.conf 

input {
    file {
        path => "/var/log/httpd/access_log"
        start_position => "beginning"
        type => "apache-accesslog"
    }
    file{
        path => "/var/log/elasticsearch/myes.log"
        type => "es-log"
        start_position => "beginning"
        codec => multiline{
          pattern => "^\["
          negate => true
          what => "previous"
        }
    }

}

output {
    if [type] == "apache-accesslog" {
        redis {
            host => "192.168.56.12"
            port => "6379"
            db => "6"
            data_type => "list"
            key => "apache-accesslog"
        }
    }
    if [type] == "es-log" {
        redis {
            host => "192.168.56.12"
            port => "6379"
            db => "6"
            data_type => "list"
            key => "es-log"
        }
    }
}

Start Logstash:

[root@linux-node1 /etc/logstash/conf.d]# /opt/logstash/bin/logstash -f apache.conf 
Settings: Default pipeline workers: 4
Pipeline main started

On the Redis host, check that data has arrived: connect, select db 6, and run keys *

192.168.56.12:6379[6]> keys *
1) "es-log"
2) "demo"
3) "apache-accesslog"
192.168.56.12:6379[6]> llen es-log
(integer) 44
192.168.56.12:6379[6]> lindex es-log -1
"{\"@timestamp\":\"2016-09-04T20:34:23.717Z\",\"message\":\"[2016-09-05 03:52:18,878][INFO ][cluster.routing.allocation] [linux-node1] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[system-log-2016.09][3]] ...]).\",\"@version\":\"1\",\"path\":\"/var/log/elasticsearch/myes.log\",\"host\":\"linux-node1\",\"type\":\"es-log\"}"
192.168.56.12:6379[6]> llen apache-acccesslog
(integer) 0
192.168.56.12:6379[6]> lindex apache-accesslog -1
"{\"message\":\"papapapa\",\"@version\":\"1\",\"@timestamp\":\"2016-09-04T20:46:03.164Z\",\"path\":\"/var/log/httpd/access_log\",\"host\":\"linux-node1\",\"type\":\"apache-accesslog\"}"

Both the Apache access log and the ES log are being collected. (The `llen apache-acccesslog` command above misspells the key name; LLEN on a key that does not exist returns 0, which is why it reports 0 while the following `lindex apache-accesslog -1` returns an event.)
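The multiline codec in the es-log input above (pattern => "^\[", negate => true, what => "previous") is what keeps a Java stack trace attached to the log line that produced it. The Python below is an added illustration, not code from the original post or from Logstash: it reproduces that grouping rule on a constructed Elasticsearch log excerpt (the two INFO/WARN lines follow this page's samples; the ERROR entry and its stack trace are made up for the example). The `negate` and `what` parameters follow the codec's semantics, so the `what => "next"` and `negate => false` variants can be tried as well.

```python
import re

# Constructed Elasticsearch log excerpt: the INFO/WARN lines follow the page's
# own samples, the ERROR entry and its stack trace are made up so that there is
# something to join.
SAMPLE_ES_LOG = """\
[2016-09-05 03:39:50,356][INFO ][node                     ] [linux-node1] stopping ...
[2016-09-05 03:52:18,878][WARN ][monitor.jvm              ] [linux-node1] [gc][young][10361][1114] duration [8.4s], collections [1]/[8.5s]
[2016-09-05 03:52:19,001][ERROR][index.shard              ] [linux-node1] [system-log-2016.09][3] flush failed
org.elasticsearch.index.engine.FlushFailedEngineException: Flush failed
\tat org.elasticsearch.index.engine.InternalEngine.flush(InternalEngine.java:10)
\tat org.elasticsearch.index.shard.IndexShard.flush(IndexShard.java:20)
[2016-09-05 03:52:20,112][INFO ][cluster.routing.allocation] [linux-node1] Cluster health status changed from [YELLOW] to [GREEN]
"""


def multiline_join(lines, pattern=r"^\[", negate=True, what="previous"):
    """Group raw lines into events the way logstash-codec-multiline does.

    A line "matches" when the pattern matches at its start.  With negate=True
    the *non*-matching lines are the continuation lines (here: anything that
    does not begin with '[', i.e. exception text and stack frames).
    what="previous" appends a continuation line to the event before it;
    what="next" glues it onto the event that follows.
    """
    regex = re.compile(pattern)
    events, buffer = [], []
    for line in lines:
        line = line.rstrip("\n")
        matched = regex.match(line) is not None
        is_continuation = matched != negate  # negate flips the meaning of a match
        if what == "previous":
            if is_continuation and buffer:
                buffer.append(line)
            else:
                if buffer:
                    events.append("\n".join(buffer))
                buffer = [line]
        elif what == "next":
            buffer.append(line)
            if not is_continuation:          # this line closes the event
                events.append("\n".join(buffer))
                buffer = []
        else:
            raise ValueError("what must be 'previous' or 'next'")
    if buffer:  # flush at end of input (Logstash waits for the next line instead)
        events.append("\n".join(buffer))
    return events


if __name__ == "__main__":
    for i, ev in enumerate(multiline_join(SAMPLE_ES_LOG.splitlines()), 1):
        print(f"event {i}: {ev.count(chr(10)) + 1} line(s)")
        print(ev)
```

One difference from the codec is worth knowing when testing from the console: Logstash only emits the last buffered event when the next line arrives or when the codec's `auto_flush_interval` fires, so the most recent entry can appear to be missing; the script above simply flushes it at end of input.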

3) Read data back from Redis

On 192.168.56.12, create /etc/logstash/conf.d/input_redis.conf, which reads from Redis and prints to standard output:

[root@linux-node2 conf.d]# cat input_redis.conf 
input{
    redis {
	type => "apache-accesslog"
        host => "192.168.56.12"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "apache-accesslog"
    }
    redis {
        type => "es-log"
        host => "192.168.56.12"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "es-log"
    }
}

output{
    stdout {
	codec => rubydebug
    }
}

Start Logstash; as soon as it is running, the events read from Redis are printed to standard output:

[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f input_redis.conf
Settings: Default pipeline workers: 1
Pipeline main started
{
       "message" => "::1 - - [05/Sep/2016:03:28:31 +0800] \"OPTIONS * HTTP/1.0\" 200 - \"-\" \"Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 (internal dummy connection)\"",
      "@version" => "1",
    "@timestamp" => "2016-09-04T20:34:22.928Z",
          "path" => "/var/log/httpd/access_log",
          "host" => "linux-node1",
          "type" => "apache-accesslog"
}
{
       "message" => "::1 - - [05/Sep/2016:03:28:31 +0800] \"OPTIONS * HTTP/1.0\" 200 - \"-\" \"Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 (internal dummy connection)\"",
      "@version" => "1",
    "@timestamp" => "2016-09-04T20:34:23.266Z",
          "path" => "/var/log/httpd/access_log",
          "host" => "linux-node1",
          "type" => "apache-accesslog"
}
{
    "@timestamp" => "2016-09-04T20:34:22.942Z",
       "message" => "[2016-09-05 01:06:18,066][WARN ][monitor.jvm              ] [linux-node1] [gc][young][10361][1114] duration [8.4s], collections [1]/[8.5s], total [8.4s]/[27.8s], memory [172.1mb]->[108.5mb]/[990.7mb], all_pools {[young] [66.4mb]->[1.5mb]/[266.2mb]}{[survivor] [3.8mb]->[4.9mb]/[33.2mb]}{[old] [101.8mb]->[102.2mb]/[691.2mb]}",
      "@version" => "1",
          "path" => "/var/log/elasticsearch/myes.log",
          "host" => "linux-node1",
          "type" => "es-log"
}
{
    "@timestamp" => "2016-09-04T20:34:23.277Z",
       "message" => "[2016-09-05 03:39:50,356][INFO ][node                     ] [linux-node1] stopping ...",
      "@version" => "1",
          "path" => "/var/log/elasticsearch/myes.log",
          "host" => "linux-node1",
          "type" => "es-log"
}

4) Parse the Apache log

Use the grok filter plugin to parse Apache access-log lines into fields:

[root@linux-node2 conf.d]# cat input_redis.conf 
input{
    redis {
	type => "apache-accesslog"
        host => "192.168.56.12"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "apache-accesslog"
    }
}

filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
    }

}

output{
    stdout {
	codec => rubydebug
    }
}

Restart Logstash and check standard output: each Apache line is now split into structured fields (clientip, verb, request, response, ...) alongside the original message:

[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f input_redis.conf 
Settings: Default pipeline workers: 1
Pipeline main started
{
        "message" => "192.168.56.1 - - [05/Sep/2016:05:31:39 +0800] \"GET / HTTP/1.1\" 200 67 \"-\" \"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36\"",
       "@version" => "1",
     "@timestamp" => "2016-09-04T21:31:40.819Z",
           "path" => "/var/log/httpd/access_log",
           "host" => "linux-node1",
           "type" => "apache-accesslog",
       "clientip" => "192.168.56.1",
          "ident" => "-",
           "auth" => "-",
      "timestamp" => "05/Sep/2016:05:31:39 +0800",
           "verb" => "GET",
        "request" => "/",
    "httpversion" => "1.1",
       "response" => "200",
          "bytes" => "67",
       "referrer" => "\"-\"",
          "agent" => "\"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36\""
}
{
        "message" => "192.168.56.1 - - [05/Sep/2016:05:31:40 +0800] \"GET /favicon.ico HTTP/1.1\" 404 209 \"http://192.168.56.11:81/\" \"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36\"",
       "@version" => "1",
     "@timestamp" => "2016-09-04T21:31:40.825Z",
           "path" => "/var/log/httpd/access_log",
           "host" => "linux-node1",
           "type" => "apache-accesslog",
       "clientip" => "192.168.56.1",
          "ident" => "-",
           "auth" => "-",
      "timestamp" => "05/Sep/2016:05:31:40 +0800",
           "verb" => "GET",
        "request" => "/favicon.ico",
    "httpversion" => "1.1",
       "response" => "404",
          "bytes" => "209",
       "referrer" => "\"http://192.168.56.11:81/\"",
          "agent" => "\"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36\""
}
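What the grok filter does to each event can be made explicit outside Logstash. The Python below is an added example, not code from this page or from Logstash: it parses the Apache combined format with a regular expression that uses the same field names as %{COMBINEDAPACHELOG}, merges the fields into the JSON event exactly as it sits in the Redis list, and tags an unparsable line with `_grokparsefailure` the way Logstash does. The sample events are constructed to match the shape shown in the lindex output above: the first two message lines are taken from this page's own output (including the `OPTIONS *` dummy-connection line whose byte count is `-`), the third is a made-up malformed request line (a TLS handshake sent to the plain HTTP port, as Apache escapes it), and the fourth is the `papapapa` test line that also landed in the apache-accesslog key above.

```python
import json
import re

# Regular-expression equivalent of grok's %{COMBINEDAPACHELOG}; the group names
# match grok's field names.  A request line that is not "VERB path HTTP/x.y"
# falls back to rawrequest, as the grok pattern does.  Unlike grok, the quotes
# around referrer and agent are not kept.
COMBINED_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\d+\.\d+))?'
    r'|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)


def parse_combined(line):
    """Parse one Apache combined-format line into a dict, or return None."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    fields["response"] = int(fields["response"])
    # Apache logs "-" when no body was sent (e.g. the internal dummy connection
    # above); grok then omits the field, here it becomes None.
    fields["bytes"] = None if fields["bytes"] == "-" else int(fields["bytes"])
    return fields


def apply_grok_filter(event_json):
    """Do what the filter stage does to one event taken from the Redis list:
    merge the parsed fields into the event, or tag it _grokparsefailure."""
    event = json.loads(event_json)
    parsed = parse_combined(event.get("message", ""))
    if parsed is None:
        event.setdefault("tags", []).append("_grokparsefailure")
    else:
        event.update(parsed)
    return event


def _event(message, ts):
    """Build a constructed event in the shape the logstash redis output stores."""
    return json.dumps({
        "message": message, "@version": "1", "@timestamp": ts,
        "path": "/var/log/httpd/access_log", "host": "linux-node1",
        "type": "apache-accesslog",
    })


# Constructed sample events (see the lead-in for where each message comes from).
SAMPLE_EVENTS = [
    _event('192.168.56.1 - - [05/Sep/2016:05:31:39 +0800] "GET / HTTP/1.1" 200 67 '
           '"-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) '
           'Chrome/46.0.2490.86 Safari/537.36"', "2016-09-04T21:31:40.819Z"),
    _event('::1 - - [05/Sep/2016:03:28:31 +0800] "OPTIONS * HTTP/1.0" 200 - "-" '
           '"Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 '
           '(internal dummy connection)"', "2016-09-04T20:34:22.928Z"),
    _event('10.0.0.7 - - [05/Sep/2016:05:40:01 +0800] "\\x16\\x03\\x01" 400 226 "-" "-"',
           "2016-09-04T21:40:01.000Z"),
    _event("papapapa", "2016-09-04T20:46:03.164Z"),
]

if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        ev = apply_grok_filter(raw)
        print(ev.get("tags", ""), ev.get("clientip"), ev.get("verb") or ev.get("rawrequest"),
              ev.get("response"), ev.get("bytes"))
```

The `type`, `host` and `path` fields added by the shipper survive the merge, which is what the conditional `if [type] == "apache-accesslog"` in the later configs relies on. Keep in mind that `request`, `referrer` and `agent` are supplied by the remote client verbatim: they belong in an indexed field, never in anything that is interpreted (a shell command, a query string).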

5) End-to-end collection through Redis

Run Logstash on both 192.168.56.11 and 192.168.56.12: on 192.168.56.11 Logstash reads the Apache access log and pushes it to Redis (on 192.168.56.12); on 192.168.56.12 Logstash reads from Redis, parses the lines with grok, and writes them to ES.

Configuration on 192.168.56.11:
[root@linux-node1 /var/log/httpd]# cat /etc/logstash/conf.d/apache.conf 
input {
    file {
        path => "/var/log/httpd/access_log"
        start_position => "beginning"
	type => "apache-accesslog"
    }    
}

output {
    if [type] == "apache-accesslog" {
	redis {
        host => "192.168.56.12"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "apache-accesslog"
        }
    }
}
Configuration on 192.168.56.12:
[root@linux-node2 conf.d]# cat in_redis_out.conf 
input{
    redis {
	type => "apache-accesslog"
        host => "192.168.56.12"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "apache-accesslog"
    }
}

filter {
    if [type] == "apache-accesslog" {      # the field is "type"; a typo here silently skips the grok filter
        grok {
            match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
    }
}

output{
    if [type] == "apache-accesslog"{
        elasticsearch {
	    hosts => ["192.168.56.11:9200"]
	    index => "apache-accesslog-%{+YYYY.MM.dd}"
        }
    }
}

Start Logstash on both nodes:

[root@linux-node1 /etc/logstash/conf.d]# /opt/logstash/bin/logstash -f apache.conf 
Settings: Default pipeline workers: 4
Pipeline main started
[root@linux-node2 conf.d]# /opt/logstash/bin/logstash -f in_redis_out.conf 
Settings: Default pipeline workers: 1
Pipeline main started

Note: for ease of testing, Logstash is started in the foreground here. Starting it with /etc/init.d/logstash start loads every configuration file under /etc/logstash/conf.d/ into a single pipeline, so the other test configurations would run as well and interfere with the test.

6) Viewing the logs in ES

Make a few requests to the Apache server on 192.168.56.11 so that access-log entries are generated.

Then open http://192.168.56.11:9200/_plugin/head

The index apache-accesslog-2016.09.04 has been created, as shown in the figure:

[Figure: head plugin overview showing the apache-accesslog-2016.09.04 index; image not preserved]

Click the data browser tab to view the documents:

[Figure: head plugin data browser; image not preserved]
