如何使用 Graylog 监控 elasticsearch 的日志?
How do I monitor elasticsearch's logs using Graylog?
我需要使用graylog 监控elasticsearch 的日志。我设置了 graylog,但我对使用哪种输入类型来监视 elasticserach 的日志文件感到困惑。
看看这些说明:https://gist.github.com/joschi/e5d50048ddbcef038df9c4527b653ea9
- 下载并解压 Elasticsearch
下载logstash-gelf和json-simple到Elasticsearch的./lib目录:
cd /path/to/elasticsearch/
pushd ./lib
wget http://central.maven.org/maven2/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar \
http://central.maven.org/maven2/biz/paluch/logging/logstash-gelf/1.10.0/logstash-gelf-1.10.0.jar
popd
将 logstash-gelf appender 添加到 config/logging.yml:
# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
es.logger.level: INFO
rootLogger: ${es.logger.level}, console, file, gelf
logger:
# [...]
appender:
# [...]
gelf:
type: biz.paluch.logging.gelf.log4j.GelfLogAppender
Host: "udp:127.0.0.1"
Port: 12201
Facility: elasticsearch
ExtractStackTrace: true
FilterStackTrace: true
IncludeFullMdc: true
启动 Elasticsearch
备注
如果 Graylog 不是 运行 或配置的 GELF 主机不可访问,您将在启动时看到以下错误消息。
它们可以被忽略并且特定于 GELF appender(其他人可能会抛出其他异常或 none):
[2016-06-22 16:31:46,451][INFO ][node ] [Jonothon Starsmore] version[2.3.2], pid[30390], build[b9e4a6a/2016-04-21T16:03:47Z]
[2016-06-22 16:31:46,462][INFO ][node ] [Jonothon Starsmore] initializing ...
log4j:ERROR null
java.io.IOException: Cannot send data to /127.0.0.1:12201
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendDatagrams(GelfUDPSender.java:59)
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendMessage(GelfUDPSender.java:49)
at biz.paluch.logging.gelf.log4j.GelfLogAppender.append(GelfLogAppender.java:95)
at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251)
at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66)
at org.apache.log4j.Category.callAppenders(Category.java:206)
at org.apache.log4j.Category.forcedLog(Category.java:391)
at org.apache.log4j.Category.log(Category.java:856)
at org.elasticsearch.common.logging.log4j.Log4jESLogger.internalInfo(Log4jESLogger.java:120)
at org.elasticsearch.common.logging.support.AbstractESLogger.info(AbstractESLogger.java:81)
at org.elasticsearch.node.Node.<init>(Node.java:151)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Caused by: java.net.PortUnreachableException
at sun.nio.ch.DatagramDispatcher.write0(Native Method)
at sun.nio.ch.DatagramDispatcher.write(DatagramDispatcher.java:51)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.DatagramChannelImpl.write(DatagramChannelImpl.java:605)
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendDatagrams(GelfUDPSender.java:56)
... 15 more
我需要使用graylog 监控elasticsearch 的日志。我设置了 graylog,但我对使用哪种输入类型来监视 elasticserach 的日志文件感到困惑。
看看这些说明:https://gist.github.com/joschi/e5d50048ddbcef038df9c4527b653ea9
- 下载并解压 Elasticsearch
下载logstash-gelf和json-simple到Elasticsearch的
./lib目录:cd /path/to/elasticsearch/ pushd ./lib wget http://central.maven.org/maven2/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar \ http://central.maven.org/maven2/biz/paluch/logging/logstash-gelf/1.10.0/logstash-gelf-1.10.0.jar popd将 logstash-gelf appender 添加到
config/logging.yml:# you can override this using by setting a system property, for example -Des.logger.level=DEBUG es.logger.level: INFO rootLogger: ${es.logger.level}, console, file, gelf logger: # [...] appender: # [...] gelf: type: biz.paluch.logging.gelf.log4j.GelfLogAppender Host: "udp:127.0.0.1" Port: 12201 Facility: elasticsearch ExtractStackTrace: true FilterStackTrace: true IncludeFullMdc: true启动 Elasticsearch
备注
如果 Graylog 不是 运行 或配置的 GELF 主机不可访问,您将在启动时看到以下错误消息。 它们可以被忽略并且特定于 GELF appender(其他人可能会抛出其他异常或 none):
[2016-06-22 16:31:46,451][INFO ][node ] [Jonothon Starsmore] version[2.3.2], pid[30390], build[b9e4a6a/2016-04-21T16:03:47Z]
[2016-06-22 16:31:46,462][INFO ][node ] [Jonothon Starsmore] initializing ...
log4j:ERROR null
java.io.IOException: Cannot send data to /127.0.0.1:12201
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendDatagrams(GelfUDPSender.java:59)
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendMessage(GelfUDPSender.java:49)
at biz.paluch.logging.gelf.log4j.GelfLogAppender.append(GelfLogAppender.java:95)
at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251)
at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66)
at org.apache.log4j.Category.callAppenders(Category.java:206)
at org.apache.log4j.Category.forcedLog(Category.java:391)
at org.apache.log4j.Category.log(Category.java:856)
at org.elasticsearch.common.logging.log4j.Log4jESLogger.internalInfo(Log4jESLogger.java:120)
at org.elasticsearch.common.logging.support.AbstractESLogger.info(AbstractESLogger.java:81)
at org.elasticsearch.node.Node.<init>(Node.java:151)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Caused by: java.net.PortUnreachableException
at sun.nio.ch.DatagramDispatcher.write0(Native Method)
at sun.nio.ch.DatagramDispatcher.write(DatagramDispatcher.java:51)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.DatagramChannelImpl.write(DatagramChannelImpl.java:605)
at biz.paluch.logging.gelf.intern.sender.GelfUDPSender.sendDatagrams(GelfUDPSender.java:56)
... 15 more