1. 配置log4j.properties
log4j.rootLogger=INFO,DEBUG,logstash log4j.appender.logstash=org.apache.log4j.net.SocketAppender log4j.appender.logstash.Port=4560 log4j.appender.logstash.RemoteHost=10.0.0.5 log4j.appender.logstash.ReconnetionDelay=60000 log4j.appender.logstash.LocationInfo=true
2. 修改logstash input组件(favblog-log4j.conf),将日志输出到Elasticsearch
input{ log4j{ host => "10.0.0.5" mode => "server" type => "log4j-json" port => 4560 } } output{ stdout{ codec => rubydebug } elasticsearch { hosts => ["10.0.0.5:9200"] } }
3.启动Logstash
[root@Server bin]# ./logstash -f favblog-log4j.conf Settings: Default pipeline workers: 4 log4j:WARN No appenders could be found for logger (org.apache.http.client.protocol.RequestAuthCache). log4j:WARN Please initialize the log4j system properly. log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. Pipeline main started { "message" => "*************************************Hello test!", "@version" => "1", "@timestamp" => "2016-05-31T07:24:34.989Z", "timestamp" => 1464679190253, "path" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "priority" => "INFO", "logger_name" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "thread" => "http-bio-8080-exec-2", "class" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "file" => "AppAuthorityInterceptor.java:65", "method" => "intercept", "host" => "10.0.0.115:54930", "type" => "log4j-json" } { "message" => "** errorInvokeKey:[MBGL-S]QemI2gBhHC", "@version" => "1", "@timestamp" => "2016-05-31T07:24:35.000Z", "timestamp" => 1464679190264, "path" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "priority" => "ERROR", "logger_name" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "thread" => "http-bio-8080-exec-2", "class" => "com.favccxx.favblog.platform.interceptor.FavInterceptor", "file" => "AppAuthorityInterceptor.java:140", "method" => "intercept", "host" => "10.0.0.115:54930", "type" => "log4j-json" } { "message" => "Exception occurred during processing request: Cannot create a session after the response has been committed", "@version" => "1", "@timestamp" => "2016-05-31T07:24:35.023Z", "timestamp" => 1464679190280, "path" => "org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler", "priority" => "ERROR", "logger_name" => "org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler", "thread" => "http-bio-8080-exec-2", "class" => "com.opensymphony.xwork2.util.logging.commons.CommonsLogger", "file" => "CommonsLogger.java:42", "method" => "error", "stack_trace" => "java.lang.IllegalStateException: Cannot create a session after the response has been committed\n\tat org.apache.catalina.connector.Request.doGetSession(Request.java:3013)\n\tat org.apache.catalina.connector.Request.getSession(Request.java:2385)\n\tat org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:897)\n\tat javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)\n\tat org.apache.struts2.dispatcher.SessionMap.put(SessionMap.java:182)\n\tat org.apache.struts2.interceptor.MessageStoreInterceptor.after(MessageStoreInterceptor.java:297)\n\tat org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:198)\n\tat com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:244)\n\tat org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)\n\tat org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:564)\n\tat org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:81)\n\tat org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\tat org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)\n\tat org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)\n\tat org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)\n\tat org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Unknown Source)", "host" => "10.0.0.115:54930", "type" => "log4j-json" }
4. 查询Log4j输出日志
http://10.0.0.5:9200/logstash-2016.05.31/_search?q=*&pretty%27
在elasticsearch中查询到输出的log4j日志。