filebeat:
1.可以在本机网络日志
2.也可以长途网络日志
3.轻量级的日志网络体系,可以在非Java情况运行
logstash是在jvm情况中运行,资源斲丧很高,启动一个logstash必要斲丧500M左右的内存
filebeat只斲丧10M左右的内存
test3是装有logstash的主机,MySQL1是装有nginx,mysql,httpd的服务器
实现在test3上查察nginx,mysql,httpd的日志- #nginx的系统日志格式,filebeat可以直接识别。
- yum -y install nginx
- systemctl start nginx
- systemctl stop firewalld
- setenforce 0
- #解压缩
- rz -E
- filebeat-6.7.2-linux-x86_64.tar.gz
- tar -xf filebeat-6.7.2-linux-x86_64.tar.gz
- mv filebeat-6.7.2-linux-x86_64 /usr/local/filebeat
- cd /usr/local/filebeat
- ln -s /usr/local/filebeat/filebeat /usr/local/bin/filebeat
- ln -s /usr/local/filebeat/filebeat /usr/local/sbin/filebeat
- #进入配置文件
- vim filebeat.yml
- enable: true
- path:
- - /var/log/nginx/access.log
- - /var/log/nginx/error.log
- #开启日志收集,以及确定日志文本的路径,指定标签和发送到目标主机的logstash
- tags: ["nginx"]
- fields:
- service_name: 192.168.233.90_nginx
- log_type: nginx
- from: 192.168.233.90
- path:
- - /usr/local/nginx/logs/access.log
- - /usr/local/nginx/logs/error.log
- tags: ["mysqld"]
- fields:
- service_name: 192.168.233.90_mysqld
- log_type: mysqld
- from: 192.168.233.90
- path:
- - /usr/local/nginx/logs/access.log
- - /usr/local/nginx/logs/error.log
- tags: ["httpd"]
- fields:
- service_name: 192.168.233.90_httpd
- log_type: httpd
- from: 192.168.233.90
- #output.elasticsearch
- #hosts: ["localhost:9200"]
- output.logstash
- hosts: [192.168.233.30:5045]
- #在命令行输入,可以把运行的日志保存到指定文件
- nohup ./filebeat -e -c filebeat.yml > filebeat.out &
在test3上吸收,test3要有logshosts- vim nginx_90.conf
- input {
- beats {post => "5045"}
- }
- output {
- if "nginx" in [tags] {
- elasticsearch {
- hosts => ["192.168.233.10:9200","192.168.233.20:9200"]
- index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"
- }
- }
-
- output {
- if "mysqld" in [tags] {
- elasticsearch {
- hosts => ["192.168.233.10:9200","192.168.233.20:9200"]
- index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"
- }
- }
-
- output {
- if "httpd" in [tags] {
- elasticsearch {
- hosts => ["192.168.233.10:9200","192.168.233.20:9200"]
- index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"
- }
- }
- }
- #启动 Logstash 并指定其配置文件和数据存储路径的命令
- logstash -f nginx_90.conf --path.data /opt/test3
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!qidao123.com:ToB企服之家,中国第一个企服评测及软件市场,开放入驻,技术点评得现金 |
发表于 2026-2-14 04:59:45