I. Install the software:
1. Install Filebeat on each machine whose logs are to be collected:
1) Download and install:
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.3-linux-x86_64.tar.gz
tar xvf filebeat-5.3.3-linux-x86_64.tar.gz -C /usr/local
rm -f filebeat-5.3.3-linux-x86_64.tar.gz
2) Add the configuration file:
mkdir -p /etc/filebeat
cat >/etc/filebeat/filebeat.yml << EOF
filebeat.prospectors:
- input_type: log
  paths:
    - /usr/local/wintel400/log/*.log
  fields:
    document_type: CTI02-wintel-log
  tail_files: true
  ignore_older: 24h
output.logstash:
  hosts: ["192.168.22.214:5044"]
EOF
Note: when adding the configuration file on each client, change the value of document_type and the log collection directory (paths).
3) Start (run in the foreground while debugging):
/usr/local/filebeat-5.3.3-linux-x86_64/filebeat -e -c /etc/filebeat/filebeat.yml
nohup /usr/local/filebeat-5.3.3-linux-x86_64/filebeat -e -c /etc/filebeat/filebeat.yml &
2. Install Logstash:
1) Install Logstash (requires Java 1.8):
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.3.3.tar.gz
tar zxf logstash-5.3.3.tar.gz -C /usr/local/
rm -f logstash-5.3.3.tar.gz
2) Add the configuration files:
mkdir /etc/logstash
The configuration files are shown below.
3) Start (run in the foreground first while debugging):
/usr/local/logstash-5.3.3/bin/logstash -f /etc/logstash/
nohup /usr/local/logstash-5.3.3/bin/logstash -f /etc/logstash/ &
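Java 1.8 download:
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jdk-8u171-linux-x64.tar.gz"
Note: --no-check-certificate turns off TLS certificate validation and the URL is plain http, so compare the archive's SHA-256 with the checksum Oracle publishes for this build before unpacking it.
Logstash configuration files: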
input {
  beats {
    port => 5045
  }
}
filter {
  if [fields][document_type] == "WEB01-easycti-log" {
    mutate {
      add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
      add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB01" ]
    }
  }
  else if [fields][document_type] == "WEB02-easycti-log" {
    mutate {
      add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
      add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB02" ]
    }
  }
  else if [fields][document_type] == "WEB03-easycti-log" {
    mutate {
      add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
      add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB03" ]
    }
  }
  grok {
    match => {
      "message" => "\[%{GREEDYDATA:logtime}\] %{DATA:context}\.%{WORD:level}: %{GREEDYDATA:msg}"
    }
  }
}
output {
  if [level] =~ /(ERR|error|ERROR)/ {
    zabbix {
      zabbix_host => "[@metadata][zabbix_host]"
      zabbix_key => "[@metadata][zabbix_key]"
      zabbix_server_host => "192.168.22.216"
      zabbix_server_port => "10051"
      zabbix_value => "message"
    }
    stdout { codec => rubydebug }
  }
}

input {
  beats {
    port => 5044
  }
}
filter {
  if [fields][document_type] == "CTI01-wintel-log" {
    mutate {
      add_field => [ "[@metadata][zabbix_key]" , "WintelLog" ]
      add_field => [ "[@metadata][zabbix_host]" , "HAI--CTI01" ]
    }
  }
  else if [fields][document_type] == "CTI02-wintel-log" {
    mutate {
      add_field => [ "[@metadata][zabbix_key]" , "WintelLog" ]
      add_field => [ "[@metadata][zabbix_host]" , "HAI--CTI02" ]
    }
  }
  grok {
    match => {
      "message" => "%{GREEDYDATA:logtime} \[%{WORD:level}] %{GREEDYDATA:msg}"
    }
  }
}
output {
  if [level] =~ /(ERR|WARNING)/ {
    zabbix {
      zabbix_host => "[@metadata][zabbix_host]"
      zabbix_key => "[@metadata][zabbix_key]"
      zabbix_server_host => "192.168.22.216"
      zabbix_server_port => "10051"
      zabbix_value => "message"
    }
    stdout { codec => rubydebug }
  }
}
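The routing done by the port-5044 (wintel) pipeline above can be dry-run offline before pointing it at Zabbix. The Python sketch below is an added example, not part of the original post: it re-implements that pipeline's grok pattern, document_type mapping and level conditional. The function name route and the sample log lines are assumptions, since the page does not show the real wintel log format.

```python
import re

# Python equivalents of the grok primitives used above (standard grok-patterns:
# GREEDYDATA = .*, WORD = \b\w+\b). Grok searches the line; it is not anchored.
WINTEL_GROK = re.compile(r"(?P<logtime>.*) \[(?P<level>\b\w+\b)] (?P<msg>.*)")
ALERT_LEVEL = re.compile(r"(ERR|WARNING)")  # same as: if [level] =~ /(ERR|WARNING)/

# document_type -> (zabbix_host, zabbix_key), copied from the mutate blocks.
ROUTES = {
    "CTI01-wintel-log": ("HAI--CTI01", "WintelLog"),
    "CTI02-wintel-log": ("HAI--CTI02", "WintelLog"),
}


def route(document_type, message):
    """Return what the port-5044 pipeline would do with one Filebeat event."""
    host, key = ROUTES.get(document_type, (None, None))
    m = WINTEL_GROK.search(message)
    if m is None:
        # Logstash would tag the event _grokparsefailure; [level] is never set,
        # so the output conditional is false and nothing reaches Zabbix.
        return {"alert": False, "level": None, "host": host, "key": key}
    level = m.group("level")
    return {
        "alert": bool(ALERT_LEVEL.search(level)),
        "level": level,
        "logtime": m.group("logtime"),
        "host": host,
        "key": key,
    }


# Constructed sample lines (hypothetical format, not taken from the page).
SAMPLES = [
    ("CTI02-wintel-log", "2018-05-01 10:00:00 [ERROR] trunk 3 connect failed"),
    ("CTI02-wintel-log", "2018-05-01 10:00:01 [INFO] call 17 answered"),
    # Greedy logtime swallows the real level; the bracket in the text is captured.
    ("CTI01-wintel-log", "2018-05-01 10:00:02 [INFO] peer replied [ERROR] retrying"),
    ("CTI01-wintel-log", "stack trace continuation line"),
    # document_type with no mutate branch: alert condition true, but no host/key.
    ("CTI09-wintel-log", "2018-05-01 10:00:03 [WARNING] disk 91% full"),
]

if __name__ == "__main__":
    for doc_type, line in SAMPLES:
        print(doc_type, "|", line, "->", route(doc_type, line))
```

The third sample shows that the leading GREEDYDATA lets a bracketed word later in the message be taken as the level, and the last shows that a client whose document_type has no matching branch reaches the output with no Zabbix host or key set.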
II. Configure Zabbix:
For configuring WeChat alerts, see: http://www.cnblogs.com/kevingrace/p/5995875.html
1. Configure Zabbix to receive the logs sent by Logstash:
1) Create, in order, a template, an application, an item, and a trigger.
2) Create the application:
3) Create the item:
4) Create the trigger: