1、Nginx 日志收集,先安装Nginx

cd /usr/local/logstash/config/etc/,创建如下配置文件,代码如下

Nginx.conf

input {
   file {
       type =>"nginx-access"
       path =>"/usr/local/nginx/logs/access.log"
   }
}
output {
    redis {
        host =>"localhost"
       port => 6379
        data_type =>"list"
        key =>"logstash"
   }
}  # 如果有redis可以如上添加
没有如下添加

output {

  elasticsearch {
        hosts=>"192.168.0.111"  #ES服务器IP地址
 }

}
                                                                                                             

启动nginx 和Nginx.conf 

nohup /usr/local/logstash/bin/logstash -f Nginx.conf &

/usr/local/nginx/sbin/nginx 

访问Web页面nginx,在es和kibana上都可以查看到系统日志

2、ELK收集Tomcat日志实战

先安装好tomcat并启动 然后cd /usr/local/logstash/config/etc/,创建如下配置文件,代码如下:

Tomcat.conf 

input {
   file {
       type =>"tomcat-access"
       path =>"/usr/local/tomcat/logs/catalina.out"
   }
}
output {
    redis {
        host =>"localhost"
        port => 6379
        data_type =>"list"
        key =>"logstash"
    }
}

output {

  elasticsearch {
        hosts=>"192.168.0.111"
 }

}

 启动 nohup /usr/local/logstash/bin/logstash -f Tomcat.conf & 

查看kibana 和elasticsearch-head查看日志