This post summarizes the steps for visualizing Tomcat logs with ELK.
1. Install Tomcat, then check the log path
C:\tomcat9\logs
2. Install filebeat7.0, then edit filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true   # <- changed to true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\tomcat9\logs\*.txt   # <- changed to the Tomcat log path
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]   # <- uncommented
  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"
Run:
C:\filebeat-7.4.0\filebeat -e -c C:\filebeat-7.4.0\filebeat.yml -d "publish"
3. Install Logstash, then write logstash-tomcat.conf
input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => { "message" => ["%{IPORHOST:clientip} (?:-|%{USER:ident}) (?:-|%{USER:auth}) \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:httpMethod} %{NOTSPACE:uri}(?: HTTP/%{NUMBER:httpversion})?|-)\" %{NUMBER:responseCode} (?:-|%{NUMBER:bytes}) (?:-|%{NUMBER:bytes2})( \"%{DATA:referrer}\")?( \"%{DATA:user-agent}\")?"] }
    remove_field => ["timestamp","@version","path","tags","httpversion","bytes2"]
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "index"
  }
  stdout {
    codec => rubydebug {}
  }
}
Run:
C:\logstash\bin\logstash -f C:\logstash\config_sample\logstash-tomcat.conf
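To check which access-log line shapes the grok expression in step 3 accepts, the following added example (not part of the original post) re-creates that expression as a Python regex and applies the same remove_field list. The GROK table of simplified pattern definitions, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Simplified stand-ins for the grok patterns the filter references
# (assumption: good enough to check line shape, not exact grok definitions).
GROK = {
    "IPORHOST": r"[0-9A-Za-z:.\-]+", "USER": r"[A-Za-z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+", "NOTSPACE": r"\S+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?", "DATA": r".*?",
}
# The match expression and remove_field list from logstash-tomcat.conf.
PATTERN = (r'%{IPORHOST:clientip} (?:-|%{USER:ident}) (?:-|%{USER:auth}) '
           r'\[%{HTTPDATE:timestamp}\] \"(?:%{WORD:httpMethod} %{NOTSPACE:uri}'
           r'(?: HTTP/%{NUMBER:httpversion})?|-)\" %{NUMBER:responseCode} '
           r'(?:-|%{NUMBER:bytes}) (?:-|%{NUMBER:bytes2})'
           r'( \"%{DATA:referrer}\")?( \"%{DATA:user-agent}\")?')
REMOVED = {"timestamp", "@version", "path", "tags", "httpversion", "bytes2"}

def compile_grok(pattern):
    """Expand %{SYNTAX:field} into named groups; return (regex, group->field)."""
    names = {}
    def expand(m):
        group = "g%d" % len(names)  # Python group names cannot contain '-'
        names[group] = m.group(2)
        return "(?P<%s>%s)" % (group, GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):([^}]+)\}", expand, pattern)), names

REGEX, NAMES = compile_grok(PATTERN)

def parse(line):
    """Fields Logstash would keep for this line, or None on a grok miss."""
    m = REGEX.search(line)  # grok searches the message, it does not anchor
    if m is None:
        return None  # Logstash would tag this event _grokparsefailure
    return {NAMES[g]: v for g, v in m.groupdict().items()
            if v is not None and NAMES[g] not in REMOVED}

# Constructed sample lines (not taken from a real server).
SAMPLES = [
    '192.0.2.10 - - [10/Oct/2019:13:55:36 +0900] "GET /index.jsp HTTP/1.1" 200 1234 15',
    '192.0.2.10 - - [10/Oct/2019:13:55:40 +0900] "GET /admin/ HTTP/1.1" 404 -',
    '192.0.2.11 - alice [10/Oct/2019:13:56:01 +0900] "POST /login HTTP/1.1" 302 - 7 '
    '"http://example.test/" "curl/7.64"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample))
```

The second sample has only one column after the status code and returns None, because the expression requires two; lines of that shape would reach Elasticsearch unparsed.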
4. Install Elasticsearch (ELK)
Run:
C:\elasticsearch-7.4.0\bin\elasticsearch.bat
5. Install Kibana
Run:
C:\kibana-7.4.0\bin\kibana.bat
6. Open the URL in a browser
In Kibana > Management > Index Management,
confirm that filebeat-7.x.x-date-xxxx has been created