Methods and techniques for log aggregation and statistics on Linux
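Introduction:
When developing and maintaining applications, logging is a very important task. By writing logs we can monitor an application's running state in real time, troubleshoot problems, and carry out performance analysis and optimization. In large systems, however, log files are usually scattered across different servers, which makes searching and analyzing them difficult. It is therefore well worth understanding how to implement log aggregation and statistics on Linux.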
1. Using rsyslog for log collection:
rsyslog is a popular log management program on Linux that can collect, filter, process and forward logs. Here is a simple usage example:
Install rsyslog on server A:
$ sudo apt-get install rsyslog
Edit the rsyslog.conf file:
$ sudo vi /etc/rsyslog.conf
Add the following to the file:
# Forward all logs to server B (a single @ forwards over UDP; @@ would use TCP)
*.* @serverBIP:514
Restart the rsyslog service:
$ sudo service rsyslog restart
With this configuration, all logs on server A are sent to port 514 on server B.
2. Using the ELK Stack for log analysis:
The ELK Stack is a complete log analysis solution consisting of Elasticsearch, Logstash and Kibana. Here is a brief usage example:
Install Elasticsearch:
$ sudo apt-get install default-jre
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ sudo apt-get update && sudo apt-get install elasticsearch
Configure Elasticsearch:
$ sudo vi /etc/elasticsearch/elasticsearch.yml
Change the following settings:
network.host: localhost
http.port: 9200
Start the Elasticsearch service:
$ sudo service elasticsearch start
Install Logstash:
$ sudo apt-get install logstash
Configure Logstash:
$ sudo vi /etc/logstash/conf.d/logstash.conf
Add the following:
input {
  file {
    path => "/var/log/nginx/access.log"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "nginx-access-logs"
  }
}
Start the Logstash service:
$ sudo service logstash start
Install Kibana:
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ sudo apt-get install kibana
Configure Kibana:
$ sudo vi /etc/kibana/kibana.yml
Change the following settings:
server.host: "localhost"
# Kibana 7.0 and later name this setting elasticsearch.hosts
elasticsearch.url: "http://localhost:9200"
Start the Kibana service:
$ sudo service kibana start
With the configuration and steps above, we can view and analyze log data in real time in Kibana's web interface.
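3. Using AWK for log statistics:
AWK is a powerful tool for text analysis and processing, and it is very useful for log statistics. Here is a simple example:
Use AWK to count the number of requests from each IP address:
$ awk '{ print $1 }' /var/log/nginx/access.log | sort | uniq -c
Use AWK to count the number of requests for each URL (field 7 in nginx's default combined log format; field 6 is the quoted request method):
$ awk '{ print $7 }' /var/log/nginx/access.log | sort | uniq -c
With the commands above, we can easily count the number of requests per IP address and per URL.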
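
The per-IP and per-URL counts from section 3 as one reusable script (an added example, not part of the original article). It goes beyond the one-liners by splitting on the double quotes around the request line, so query strings are dropped and malformed requests are grouped under "-". The function names and sample log lines are constructed for illustration, and nginx's default combined log format is assumed.

```shell
#!/bin/sh
# Added example: per-IP and per-URL request counts for an nginx access log.
# Assumes the default "combined" log format; function names are illustrative.

# Constructed sample lines so the script runs offline.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /login?user=a HTTP/1.1" 401 128 "-" "curl/8.0"
198.51.100.7 - alice [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /index.html HTTP/1.1" 304 0 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:55:40 +0000] "\x16\x03\x01" 400 150 "-" "-"
EOF
}

# count_by_ip: reads a log on stdin, prints "count ip", busiest client first.
count_by_ip() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# count_by_url: reads a log on stdin, prints "count path", busiest path first.
# Splitting on double quotes makes the request line field 2; its second word
# is the path. Query strings are stripped so /login?user=a counts as /login.
# Request lines that are not "METHOD PATH PROTO" are counted under "-".
count_by_url() {
    awk -F'"' '{
        k = split($2, req, " ")
        url = (k == 3) ? req[2] : "-"
        sub(/\?.*/, "", url)
        n[url]++
    } END { for (u in n) print n[u], u }' |
        sort -k1,1nr -k2,2
}

echo "Requests per IP:"
sample_log | count_by_ip
echo "Requests per URL:"
sample_log | count_by_url
```

To run it against a real log, feed the file on standard input, for example count_by_url < /var/log/nginx/access.log.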
×ܽ᣺
ÔÚlinuxÏÂʵÏÖÈÕÖ¾¾ÛºÏºÍͳ¼ÆµÄÒªÁìºÍ¼¼ÇÉÓÐÐí¶à£¬±¾ÎÄÏÈÈÝÁËʹÓÃrsyslog¡¢ELK StackºÍAWKµÈ¹¤¾ßµÄ¼òÆÓʾÀý¡£Í¨¹ýÕâЩ¹¤¾ß£¬ÎÒÃÇ¿ÉÒÔ¸üºÃµØÖÎÀíºÍÆÊÎöÈÕÖ¾£¬Ìá¸ßÓ¦ÓóÌÐòµÄÔËÐÐЧÂʺÍÎȹÌÐÔ¡£Ï£Íû±¾ÎĶÔÄúÓÐËù×ÊÖú£¡