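How do I monitor Elasticsearch logs with Graylog?

Time: 2016-06-21 05:52:24

Tags: elasticsearch graylog2 graylog

I need to use Graylog to monitor Elasticsearch's logs. I have set up Graylog, but I am confused about which input type to use to monitor Elasticsearch's log files.

1 answer:

Answer 0: (score: 2)

Please take a look at the following instructions: https://gist.github.com/joschi/e5d50048ddbcef038df9c4527b653ea9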

  • Download and unpack Elasticsearch
  • Download logstash-gelf and json-simple into the ./lib directory of Elasticsearch:

    cd /path/to/elasticsearch/
    pushd ./lib
    wget http://central.maven.org/maven2/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar \
      http://central.maven.org/maven2/biz/paluch/logging/logstash-gelf/1.10.0/logstash-gelf-1.10.0.jar
    popd

  • Add the logstash-gelf appender to config/logging.yml:

    # you can override this by setting a system property, for example -Des.logger.level=DEBUG
    es.logger.level: INFO
    rootLogger: ${es.logger.level}, console, file, gelf
    logger:
      # [...]
    appender:
      # [...]
      gelf:
        type: biz.paluch.logging.gelf.log4j.GelfLogAppender
        Host: "udp:127.0.0.1"
        Port: 12201
        Facility: elasticsearch
        ExtractStackTrace: true
        FilterStackTrace: true
        IncludeFullMdc: true

  • Start Elasticsearch

Notes

If Graylog is not running or the configured GELF host is unreachable, you will see the following error messages on startup. They can be ignored and are specific to the GELF appender (others might throw other exceptions or none at all):
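
Added example, not part of the original answer or the linked gist: a small GELF UDP decoder that can be run in place of the Graylog input to inspect what the appender configured above sends (uncompressed, gzip, zlib and chunked datagrams). The names decode_payload and GelfReassembler are made up for this illustration, and it assumes nothing else is already bound to 127.0.0.1:12201.

```python
import gzip
import json
import socket
import struct
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # chunk header: magic, 8-byte message id, seq no, seq count


def decode_payload(data: bytes) -> dict:
    """Decode one complete GELF payload (gzip, zlib or uncompressed JSON)."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    elif data[:1] == b"\x78":
        data = zlib.decompress(data)
    msg = json.loads(data.decode("utf-8"))
    for field in ("version", "host", "short_message"):  # mandatory GELF fields
        if field not in msg:
            raise ValueError(f"missing GELF field: {field}")
    return msg


class GelfReassembler:
    """Collects chunked datagrams; feed() returns the message once it is complete."""
    def __init__(self):
        self.pending = {}  # message id -> {sequence number: chunk bytes}

    def feed(self, datagram: bytes):
        if datagram[:2] != CHUNK_MAGIC:
            return decode_payload(datagram)  # unchunked message
        if len(datagram) < 12:
            raise ValueError("truncated chunk header")
        msg_id, seq_no, seq_count = struct.unpack("!8sBB", datagram[2:12])
        if not 0 < seq_count <= 128 or seq_no >= seq_count:  # GELF allows at most 128 chunks
            raise ValueError("invalid chunk sequence")
        chunks = self.pending.setdefault(msg_id, {})
        chunks[seq_no] = datagram[12:]
        if len(chunks) < seq_count:
            return None  # still waiting for the remaining chunks
        del self.pending[msg_id]
        return decode_payload(b"".join(chunks[i] for i in range(seq_count)))


if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 12201))  # host and port from the gelf appender config above
    reassembler = GelfReassembler()
    while True:
        if (message := reassembler.feed(sock.recv(65535))) is not None:
            print(json.dumps(message, indent=2))
```

Incomplete chunk sets stay in pending indefinitely here; a long-running listener should expire them after a few seconds.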