Capturing networking traffic using Tshark and Flume
Hi everyone, I am trying to capture network traffic with tshark, and I am using Apache Flume to send the results to Spark.
The problem is that when I use the exec source in the Flume configuration it doesn't work; it stops right after starting.
My configuration:
agent.sources = tsharkSource
agent.channels = memoryChannel
agent.sinks = avroSink
# Configuring the sources to pull the bashes from Tshark
agent.sources.tsharkSource.type = exec
agent.sources.tsharkSource.command = tshark -T json
agent.sources.tsharkSource.channels = memoryChannel
# Configuring the sink to push logs to spark; change hostname to 116's ip address
agent.sinks.avroSink.type = avro
agent.sinks.avroSink.channel = memoryChannel
agent.sinks.avroSink.hostname = 192.168.1.112
agent.sinks.avroSink.port= 6969
# Configuring the memory channel
agent.channels.memoryChannel.type = memory
agent.channels.memoryChannel.capacity = 1000
agent.channels.memoryChannel.transactionCapacity = 100
Shell output:
flume-ng agent -f conf/flume-conf.properties -n agent
Warning: No configuration directory set! Use --conf <dir> to override.
Info: Including Hive libraries found via () for Hive access
+ exec /usr/lib/jvm/java-1.11.0-openjdk-amd64//bin/java -Xmx20m -cp 1/home/oshiflume/flume/apache-flume-1.8.0-bin/lib/*:/libfle -Djava.library.path= org.apache.flume.node.Application -f conf/flume-conf.properties -n agent
log4j:WARN No appenders could be found for logger (org.apache.flume.node.Application).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Your execution command is
flume-ng agent -f conf/flume-conf.properties -n agent
I see two errors here. First, the configuration directory must be specified with -c conf, and a Flume configuration file is generally named some-config.conf.
The console warning is No configuration directory set! Use --conf; -c and --conf are the same thing.
You may want to rename the configuration file from flume-conf.properties to flume.conf.
As a solution, you can try this command:
flume-ng agent -c conf -f conf/flume.conf -n agent
If you want the log shown after execution, use this command:
flume-ng agent -c conf -f conf/flume.conf -n agent -Dflume.root.logger=INFO,console
To display logs, log4j.properties must be in your conf directory as conf/log4j.properties.
My properties are as follows:
flume.root.logger=INFO,LOGFILE
flume.log.dir=./logs
flume.log.file=flume.log
log4j.logger.org.apache.flume.lifecycle = INFO
log4j.logger.org.jboss = WARN
log4j.logger.org.mortbay = INFO
log4j.logger.org.apache.avro.ipc.NettyTransceiver = WARN
log4j.logger.org.apache.hadoop = INFO
log4j.logger.org.apache.hadoop.hive = ERROR
# Define the root logger to the system property "flume.root.logger".
log4j.rootLogger=${flume.root.logger}
log4j.appender.LOGFILE=org.apache.log4j.RollingFileAppender
log4j.appender.LOGFILE.MaxFileSize=100MB
log4j.appender.LOGFILE.MaxBackupIndex=10
log4j.appender.LOGFILE.File=${flume.log.dir}/${flume.log.file}
log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
log4j.appender.LOGFILE.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss,SSS} %-5p [%t] (%C.%M:%L) %x - %m%n
log4j.appender.DAILY=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.DAILY.rollingPolicy=org.apache.log4j.rolling.TimeBasedRollingPolicy
log4j.appender.DAILY.rollingPolicy.ActiveFileName=${flume.log.dir}/${flume.log.file}
log4j.appender.DAILY.rollingPolicy.FileNamePattern=${flume.log.dir}/${flume.log.file}.%d{yyyy-MM-dd}
log4j.appender.DAILY.layout=org.apache.log4j.PatternLayout
log4j.appender.DAILY.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss,SSS} %-5p [%t] (%C.%M:%L) %x - %m%n
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.target=System.err
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
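Once the agent starts, a second thing worth checking with this configuration (an added example, not from the question or the answer): Flume's exec source turns every line of the command's stdout into one event, while `tshark -T json` pretty-prints each packet across many lines, so no single event carries a complete JSON document; `tshark -T ek` writes newline-delimited JSON instead. The Python below mimics that line-based splitting on constructed, abridged samples of both formats; the sample contents and the helper names are assumptions.

```python
import json

# Constructed, abridged sample of `tshark -T json` stdout: one pretty-printed
# JSON array whose packet objects span many lines.
TSHARK_JSON_SAMPLE = """[
  {
    "_index": "packets-2019-01-01",
    "_source": {
      "layers": {
        "ip": {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9"}
      }
    }
  }
]
"""

# Constructed, abridged sample of `tshark -T ek` stdout: a bulk-index action
# line followed by a packet document line, each complete on its own line.
TSHARK_EK_SAMPLE = (
    '{"index":{"_index":"packets-2019-01-01","_type":"doc"}}\n'
    '{"timestamp":"1546300800000","layers":{"ip":{"ip_ip_src":"10.0.0.5","ip_ip_dst":"10.0.0.9"}}}\n'
    '{"index":{"_index":"packets-2019-01-01","_type":"doc"}}\n'
    '{"timestamp":"1546300801000","layers":{"ip":{"ip_ip_src":"10.0.0.9","ip_ip_dst":"10.0.0.5"}}}\n'
)


def split_exec_events(stdout_text):
    """Mimic the Flume exec source: each newline-terminated line is one event."""
    return [line for line in stdout_text.split("\n") if line != ""]


def count_parseable_events(events):
    """Count the events that are a complete JSON value on their own."""
    ok = 0
    for event in events:
        try:
            json.loads(event)
            ok += 1
        except ValueError:
            pass  # a fragment of a multi-line document, unusable downstream
    return ok


def parse_ek_packets(events):
    """Decode `-T ek` events into packet dicts, skipping the index action lines."""
    packets = []
    for event in events:
        obj = json.loads(event)
        if "index" in obj and "layers" not in obj:
            continue
        packets.append(obj)
    return packets
```

With the `-T json` sample every event is an unparseable fragment, while every `-T ek` line parses and the packet documents can be picked out of the stream.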