ELK 日志系统搭建--监控Tomcat日志

1.tomcat日志存储格式是json

  `{
            "roleId": "10",
            "clientip": "127.0.0.1",
            "uripath": "/admin/garten/findCity.do",
            "timestamp": "2018-08-07 09:52:09",
            "username": "anveeno"
        }`

2.logstash添加解析文件 tomcat_access.conf (目录：/etc/logstash/conf.d/)

input {
        file {
            path => [ "/usr/local/*/*/usersAccess.log" ]
            start_position => "beginning"
            codec => json
        }
}
output {
         elasticsearch {
             hosts => ["*.*.*.*:9200"]
             index => "tomcat-access-%{username}"
        }
}`

3.配置完成后重启下logstash即可，命令如下：initctl restart logstash 或 service logstash restart
4.额外增加下：logstash解析数据过程中会将传输信息打印到日志（/var/log/logstash目录下），可以修改logstash.yml文件，修改日志等级，修改完成后重启即可

log.level: info