ELK实现nginx mysqld httpd的日志收集

通过配置收集日志文件，发送到可视化页面

API接口：

软件内部代码之间通信的接口，代码的连接，代码之间调用的接口

端口是对外提供访问的接口

filebeat：

1、可以在本机收集日志

2、也可以远程收集日志

3、轻量级的日志系统，可以在非java环境运行

logstash实际在java环境中运行，资源消耗低，启动一个logstash要小号500M左右的内存

filebeat只消耗10M左右的内存

mysql nginx httpd

开一个MySQL在里面安装nginx httpd

[root@MySQL ~]# systemctl stop firewalld
[root@MySQL ~]# setenforce 0
[root@MySQL ~]# yum -y install nginx httpd
​
[root@MySQL opt]# vim /etc/my.cnf   #开启MySQL日志文件
general_log=ON
general_log_file=/usr/local/mysql/data/mysql_general.log
#重启
[root@MySQL opt]# systemctl restart mysqld
​
​
[root@MySQL opt]# vim /etc/nginx/nginx.confserver {listen       82;#listen       [::]:80;
[root@MySQL ~]# systemctl restart nginx
[root@MySQL ~]# systemctl restart httpd
​
[root@MySQL filebeat]# vim filebeat.yml 
- type: logenabled: truepaths:- /var/log/nginx/access.log- /var/log/nginx/error.logtags: ["nginx"]fields:servuce_name: 192.168.65.13_nginxlog_type: nginxfrom: 192.168.65.13
​
- type: logenabled: truepaths:- /var/log/httpd/access_log- /var/log/httpd/error_logtags: ["httpd"]fields:servuce_name: 192.168.65.13_httpdlog_type: httpdfrom: 192.168.65.13
​
- type: logenabled: truepaths:- /usr/local/mysql/data/mysql_general.logtags: ["mysqld"]fields:servuce_name: 192.168.65.13_myqldlog_type: mysqldfrom: 192.168.65.13
output.logstash:# The Logstash hostshosts: ["192.168.65.43:5046"]
​
​
[root@MySQL filebeat]# nohup ./filebeat -e -c filebeat.yml > filebeat.out &
[1] 23086
[root@MySQL filebeat]# nohup: 忽略输入重定向错误到标准输出端
​
​

[root@test43 conf.d]# vim nmh.conf
​
input {beats { port => "5046"}
}
output {
​if "nginx" in [tags] {elasticsearch  {hosts => ["192.168.65.44:9200","192.168.65.45:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}if "httpd" in [tags] {elasticsearch  {hosts => ["192.168.65.44:9200","192.168.65.45:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}if "mysqld" in [tags] {elasticsearch  {hosts => ["192.168.65.44:9200","192.168.65.45:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}
}
~        
​
[root@test43 conf.d]# logstash -f nmh.conf --path.data /opt/test1 &
[1] 54366
​
​
在浏览器访问：192.168.65.13:82
192.168.65.13
在xshell进数据库
​
​
然后在可视化页面刷新