ELK설치 및 모니터링 테스트 2편
CENTOS 7에서 ELK(ELASTICSEARCH, LOGSTASH, KIBANA, Beats)를 구축하고 TOMCAT 서버를 실시간 모니터링하는 방법을 설명합니다.
BEATS 설치
filebeat 다운로드
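## Fetch the package plus Elastic's published SHA-512 file, then check the
## download against it before installing (expected output ends in ": OK").
# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.2-x86_64.rpm
# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.2-x86_64.rpm.sha512
# sha512sum -c filebeat-6.4.2-x86_64.rpm.sha512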
filebeat 설치
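## yum does not GPG-check local package files by default (localpkg_gpgcheck
## is off), so import Elastic's signing key and verify the signature first.
# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# rpm -K filebeat-6.4.2-x86_64.rpm
# yum install filebeat-6.4.2-x86_64.rpm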
filebeat 환경설정
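# /etc/filebeat/filebeat.yml
# `filebeat.inputs` / `type` are the current names in Filebeat 6.3+; the older
# `filebeat.prospectors` / `input_type` spellings are deprecated.
filebeat.inputs:
  - type: log
    paths:
      # Tomcat log files. Access-log request lines can carry session ids or
      # tokens in query strings, so treat the shipped data as sensitive.
      - /home/min/apache-tomcat-7.0.91/logs/*.txt

output.logstash:
  hosts: ["192.168.0.113:5044"]
  # This connection is plaintext as written. To encrypt it and authenticate
  # the Logstash server, enable TLS on the Beats input and point Filebeat at
  # the issuing CA (placeholder path):
  # ssl.certificate_authorities: ["/path/to/ca.crt"]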
filebeat 실행
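## -e sends Filebeat's own log output to stderr; -d "publish" turns on the
## "publish" debug selector, which prints every event that is shipped.
## Use it for a foreground test run only: the debug output contains log content.
# /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"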
ELK서버에서 logstash 실행
ELK서버에서 tomcat서버의 로그 수집을 위한 환경 설정
## Starts Logstash in the foreground with the pipeline file shown below.
## Appending --config.test_and_exit checks the file's syntax without starting the pipeline.
/usr/share/logstash/bin/logstash -f /etc/logstash/tomcat.conf
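# /etc/logstash/tomcat.conf
# Pipeline: receive Tomcat access-log lines from Filebeat, parse them, enrich
# the client address with GeoIP data, and index the result into Elasticsearch.

# [Beats input plugin]
# listen on port 5044 for incoming Beats connections
input {
  beats {
    port => 5044
    # As written, any host that can reach this port can submit events, and
    # the traffic is plaintext. Limit access with a firewall rule and/or
    # enable TLS (placeholder paths; the key must be in PKCS#8 format):
    # ssl => true
    # ssl_certificate => "/path/to/logstash.crt"
    # ssl_key => "/path/to/logstash.pkcs8.key"
  }
}

# [Filter]
# Optional: remove this section to index the raw lines unparsed.
filter {
  grok {
    # Expected line shape:
    #   <ip> - <user> [<timestamp>] "<method> <request> HTTP/<ver>" <status> <bytes>
    # The HTTP version is matched generically and "-" is accepted for the
    # byte count (Tomcat writes "-" when no body was sent), so such lines are
    # parsed instead of being tagged _grokparsefailure.
    match => { "message" => "%{IPV4:clientIP} - %{NOTSPACE:user} \[%{DATA:timestamp}\] \"%{WORD:method} %{NOTSPACE:request} HTTP/%{NUMBER:httpVersion}\" %{NUMBER:status} (?:%{NUMBER:bytesSent}|-)" }
  }
  geoip {
    # Field names are case-sensitive: this must be the exact name captured by
    # grok above ("clientIP"), otherwise no GeoIP data is added.
    source => "clientIP"
  }
}

# [Elasticsearch output plugin]
# index into Elasticsearch
output {
  elasticsearch {
    # Unauthenticated HTTP to the local node; keep Elasticsearch bound to
    # loopback or put authentication in front of it if that changes.
    hosts => "localhost:9200"
    manage_template => false
    # One index per beat name, beat version and day.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}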