1. 配置log4j.properties

log4j.rootLogger=INFO,DEBUG,logstash
log4j.appender.logstash=org.apache.log4j.net.SocketAppender
log4j.appender.logstash.Port=4560
log4j.appender.logstash.RemoteHost=10.0.0.5
log4j.appender.logstash.ReconnetionDelay=60000
log4j.appender.logstash.LocationInfo=true


2. 修改logstash input组件(favblog-log4j.conf),将日志输出到Elasticsearch

input{
 log4j{
    host => "10.0.0.5"
    mode => "server"
    type => "log4j-json"
    port => 4560
 }
}
output{
    stdout{ codec => rubydebug }
    elasticsearch { hosts => ["10.0.0.5:9200"] }
}


3.启动Logstash

[root@Server bin]# ./logstash -f favblog-log4j.conf
Settings: Default pipeline workers: 4
log4j:WARN No appenders could be found for logger (org.apache.http.client.protocol.RequestAuthCache).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Pipeline main started
{
        "message" => "*************************************Hello test!",
       "@version" => "1",
     "@timestamp" => "2016-05-31T07:24:34.989Z",
      "timestamp" => 1464679190253,
           "path" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
       "priority" => "INFO",
    "logger_name" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
         "thread" => "http-bio-8080-exec-2",
          "class" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
           "file" => "AppAuthorityInterceptor.java:65",
         "method" => "intercept",
           "host" => "10.0.0.115:54930",
           "type" => "log4j-json"
}
{
        "message" => "** errorInvokeKey:[MBGL-S]QemI2gBhHC",
       "@version" => "1",
     "@timestamp" => "2016-05-31T07:24:35.000Z",
      "timestamp" => 1464679190264,
           "path" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
       "priority" => "ERROR",
    "logger_name" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
         "thread" => "http-bio-8080-exec-2",
          "class" => "com.favccxx.favblog.platform.interceptor.FavInterceptor",
           "file" => "AppAuthorityInterceptor.java:140",
         "method" => "intercept",
           "host" => "10.0.0.115:54930",
           "type" => "log4j-json"
}
{
        "message" => "Exception occurred during processing request: Cannot create a session after the response has been committed",
       "@version" => "1",
     "@timestamp" => "2016-05-31T07:24:35.023Z",
      "timestamp" => 1464679190280,
           "path" => "org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler",
       "priority" => "ERROR",
    "logger_name" => "org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler",
         "thread" => "http-bio-8080-exec-2",
          "class" => "com.opensymphony.xwork2.util.logging.commons.CommonsLogger",
           "file" => "CommonsLogger.java:42",
         "method" => "error",
    "stack_trace" => "java.lang.IllegalStateException: Cannot create a session after the response has been committed\n\tat org.apache.catalina.connector.Request.doGetSession(Request.java:3013)\n\tat org.apache.catalina.connector.Request.getSession(Request.java:2385)\n\tat org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:897)\n\tat javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)\n\tat org.apache.struts2.dispatcher.SessionMap.put(SessionMap.java:182)\n\tat org.apache.struts2.interceptor.MessageStoreInterceptor.after(MessageStoreInterceptor.java:297)\n\tat org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:198)\n\tat com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:244)\n\tat org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)\n\tat org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:564)\n\tat org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:81)\n\tat org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\tat org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)\n\tat org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)\n\tat org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)\n\tat org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Unknown Source)",
           "host" => "10.0.0.115:54930",
           "type" => "log4j-json"
}


4. 查询Log4j输出日志

http://10.0.0.5:9200/logstash-2016.05.31/_search?q=*&pretty%27

 在elasticsearch中查询到输出的log4j日志。