我需要使用graylog来监控elasticsearch的日志。我设置了graylog,但我很困惑,使用哪种输入类型来监控elasticserach的日志文件。
答案 0 :(得分:2)
请查看以下说明:https://gist.github.com/joschi/e5d50048ddbcef038df9c4527b653ea9
将logstash-gelf和json-simple下载到Elasticsearch的{{1}}目录中:
./lib将logstash-gelf appender添加到cd /path/to/elasticsearch/
pushd ./lib
wget http://central.maven.org/maven2/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar \
http://central.maven.org/maven2/biz/paluch/logging/logstash-gelf/1.10.0/logstash-gelf-1.10.0.jar
popd
:
config/logging.yml启动Elasticsearch
如果Graylog未运行或配置的GELF主机无法访问,您将在启动时看到以下错误消息。 它们可以被忽略并且特定于GELF appender(其他人可能抛出其他异常或根本不抛出):
# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
es.logger.level: INFO
rootLogger: ${es.logger.level}, console, file, gelf
logger:
# [...]
appender:
# [...]
gelf:
type: biz.paluch.logging.gelf.log4j.GelfLogAppender
Host: "udp:127.0.0.1"
Port: 12201
Facility: elasticsearch
ExtractStackTrace: true
FilterStackTrace: true
IncludeFullMdc: true