ELK学习实验016:filebeat收集tomcat日志

1 安装tomcat

[root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc

[root@node4 ~]# systemctl start tomcat

[root@node4 ~]# systemctl status tomcat

[root@node4 ~]# netstat -ntlp|grep 8080

2 访问生成日志

访问http://192.168.132.134:8080/

点击页面,就可以产生日志

[root@node4 ~]#  tail  -f /var/log/tomcat/localhost_access_log.2020-01-19.txt

3 转换日志格式

把tomcat日志转换成json格式

[root@node4 ~]# vim /etc/tomcat/server.xml

原格式

修改(把<Host>内AccessLogValve的pattern改为输出JSON的格式):

    <!-- SingleSignOn valve, share authentication between web applications  
         Documentation at: /docs/config/valve.html -->  
    <!--  
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />  
    -->

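    <!-- Access log written as one JSON object per line so that Filebeat can decode it.
         Documentation at: /docs/config/valve.html
         The pattern below replaces the stock "common" pattern; &quot; is the XML
         escape for a double quote inside the attribute value.
         The prefix is written without backslashes so the file name matches the
         localhost_access_log.*.txt path that Filebeat reads.
         NOTE(review): %r, %q, %{Referer}i and %{User-Agent}i carry client-supplied
         text. Whether the valve escapes double quotes and control characters in
         these values depends on the Tomcat version; confirm this in the valve
         documentation for the installed version. Without escaping, a quote in a
         request header yields a line that is not valid JSON or that carries extra
         keys, so dashboards and alerts built on these fields should treat them
         as untrusted input. -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log." suffix=".txt"
           pattern="{&quot;client&quot;:&quot;%h&quot;,  &quot;client user&quot;:&quot;%l&quot;,   &quot;authenticated&quot;:&quot;%u&quot;,   &quot;access time&quot;:&quot;%t&quot;,     &quot;method&quot;:&quot;%r&quot;,   &quot;status&quot;:&quot;%s&quot;,  &quot;send bytes&quot;:&quot;%b&quot;,  &quot;Query?string&quot;:&quot;%q&quot;,  &quot;partner&quot;:&quot;%{Referer}i&quot;,  &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>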
  </Host>

清空旧格式的日志,然后重启tomcat

[root@node4 ~]# > /var/log/tomcat/localhost_access_log.2020-01-19.txt

[root@node4 ~]# systemctl restart tomcat

4 查看日志

[root@node4 ~]# tail -f /var/log/tomcat/localhost_access_log.2020-01-19.txt|jq .

5 filebeat收集日志

配置filebeat收集

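# Filebeat configuration: ship the nginx access/error logs and the Tomcat
# JSON access log to Elasticsearch, routing each to its own daily index by tag.
filebeat.inputs:
#####################################################
# Nginx log
#####################################################
  - type: log
    enabled: true
    paths:
      - /usr/local/nginx/logs/access.log
    # The Filebeat option is spelled json.keys_under_root; the page's original
    # spelling (json.key_under_root) is not a Filebeat option.
    # keys_under_root lifts the decoded JSON fields to the top level of the
    # event; overwrite_keys lets them replace Filebeat's own fields on a clash.
    # NOTE(review): the nginx log format is not shown on this page; confirm its
    # keys do not collide with Filebeat fields such as `host` before relying on
    # overwrite_keys.
    json.keys_under_root: true
    json.overwrite_keys: true
    tags: ["access"]
  - type: log
    enabled: true
    paths:
      - /usr/local/nginx/logs/error.log
    tags: ["error"]

#####################################################
# tomcat log
#####################################################
  - type: log
    enabled: true
    paths:
      # The glob covers the per-day files written by the Tomcat access log valve.
      - /var/log/tomcat/localhost_access_log.*.txt
    # Same spelling fix as above. With the misspelled key the decoded fields
    # stay nested under "json", which is what the sample document further down
    # this page shows.
    # NOTE(review): several logged values (request line, query string, Referer,
    # User-Agent) are client-controlled. With overwrite_keys enabled, keys in a
    # log line can replace Filebeat metadata, so set it to false unless needed.
    json.keys_under_root: true
    json.overwrite_keys: true
    # Optional: adds an error field to events whose line fails JSON decoding,
    # which makes malformed or tampered lines visible in the index.
    # json.add_error_key: true
    tags: ["tomcat"]

#####################################################
# Output
#####################################################
setup.kibana:
  host: "192.168.132.131:5601"
output.elasticsearch:
  # NOTE(review): the hosts carry no scheme, so Filebeat uses its default
  # protocol (http), and no credentials or TLS settings appear in this file.
  # That is only reasonable on an isolated lab network; elsewhere use https
  # hosts and authenticated access.
  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"
  # Each rule sends events carrying the given tag to the named daily index.
  indices:
    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "access"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "tomcat"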

[root@node4 ~]# systemctl restart filebeat

已经配置成功

6 日志收集查看

详细日志(此示例中解码后的字段嵌套在"json"键下;只有在input中正确设置json.keys_under_root: true时,这些字段才会提升到文档根部)

{
"_index": "tomcat-access-7.4.2-2020.01.19",
"_type": "_doc",
"_id": "HFExvW8BOF7DoSFdom7C",
"_version": 1,
"_score": 1,
"_source": {
"@timestamp": "2020-01-19T09:45:42.999Z",
"log": {
"offset": 412,
"file": {
"path": "/var/log/tomcat/localhost_access_log.2020-01-19.txt"
}
},
"json": {
"access time": "[19/Jan/2020:04:35:49 -0500]",
"send bytes": "945945",
"Query?string": "",
"Agent version": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
"authenticated": "-",
"partner": "http://192.168.132.134:8080/",
"client user": "-",
"method": "GET /docs/changelog.html HTTP/1.1",
"client": "192.168.132.1",
"status": "200"
},
"tags": [
"tomcat"
],
"input": {
"type": "log"
},
"host": {
"name": "node4"
},
"agent": {
"hostname": "node4",
"id": "bb3818f9-66e2-4eb2-8f0c-3f35b543e025",
"version": "7.4.2",
"type": "filebeat",
"ephemeral_id": "72970b03-e7a4-4529-b9ec-8134e563d395"
},
"ecs": {
"version": "1.1.0"
}
}
}

kibana查看

tomcat日志收集完成
