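1. Download filebeat
In the ELK stack, beats is the log-collection module, comparable to the various agents in a Grafana monitoring system. Beats comes in several kinds: filebeat, Packetbeat and Metricbeat. Here we only analyze logs, so installing filebeat is enough.

```bash
tar -zxvf filebeat-6.5.4-linux-x86_64.tar.gz
```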
2. Modify the filebeat.yml file
```yaml
# vi filebeat.yml
filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log
  enabled: true
  paths:
    - /usr/local/a2p/log/*.log
  encoding: utf-8
  document_type: sms_system_log
  multiline.pattern: ^20
  multiline.negate: true
  multiline.match: after

- type: log
  enabled: true
  paths:
    - /usr/local/a2p/log/*.cdr.*
  encoding: utf-8
  document_type: sms_cdr
  multiline.pattern: ^20
  multiline.negate: true
  multiline.match: after

name: "HK_SMS_184"

#output.elasticsearch:   # must be commented out
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]   # must be commented out

output.logstash:
  # The Logstash hosts
  hosts: ["172.31.216.34:5044"]
```
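The following is an added example, not part of the original post or of Filebeat itself: a simplified Python model of what `multiline.pattern: ^20` with `negate: true` and `match: after` does to a log file, so you can check how your lines will be grouped into events before shipping them. The function name `group_multiline` and the sample log lines are constructed for illustration, and Filebeat limits such as `max_lines` and `timeout` are not modelled.

```python
import re


def group_multiline(lines, pattern=r"^20"):
    """Group raw log lines into events the way the config above is meant to:
    a line matching `pattern` starts a new event; every following line that
    does NOT match (negate: true) is appended after it (match: after)."""
    starts_event = re.compile(pattern)
    events, current = [], []
    for raw in lines:
        line = raw.rstrip("\n")
        if current and not starts_event.search(line):
            # Continuation line (e.g. a stack-trace frame): keep it with
            # the event that is currently being assembled.
            current.append(line)
        else:
            # Either the very first line, or a line that starts with "20":
            # flush the previous event and begin a new one.
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events


# Constructed sample input: timestamped entries plus a multi-line error.
SAMPLE_LOG = [
    "2019-01-10 10:00:01 INFO submit ok msgid=1001",
    "2019-01-10 10:00:02 ERROR send failed msgid=1002",
    "java.net.SocketTimeoutException: Read timed out",
    "    at com.example.Sender.send(Sender.java:42)",
    "2019-01-10 10:00:03 INFO submit ok msgid=1003",
]

if __name__ == "__main__":
    for number, event in enumerate(group_multiline(SAMPLE_LOG), start=1):
        print(f"--- event {number} ---")
        print(event)
```

Because the pattern only anchors on the two characters `20`, a continuation line that happens to begin with `20` (for example `200 OK ...`) starts a new event; a pattern that matches the full timestamp format of your logs avoids that split.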
3. Start filebeat
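```bash
# more start.sh
#!/usr/bin/bash

# Resolve the directory this script lives in, so it can be run from anywhere
basepath=$(cd "$(dirname "$0")" && pwd)
cd "$basepath" || exit 1
# Run filebeat in the background and write its own logs under $basepath/logs
nohup ./filebeat -c filebeat.yml -path.logs "$basepath/logs" &
```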
At this point, the monitoring platform for the whole log system is installed; later I will gradually work out how to use it better.