journalbeat: 读取journald日志,journalctl命令看到的日志都收集了
本文采取的是将日志存到redis(也可以logstash kafka es),然后logstash从redis取数据
logstash往redis里面取这个步骤就省略了
下载二进制包:
https://github.com/mheese/journalbeat/releases
journalbeat地址: https://github.com/mheese/journalbeat.
配置文件参考源码包里的etc目录下的:journalbeat.yml
例如:journalbeat.yml
journalbeat:
name:
output.redis:
enabled: true
hosts: ["172.16.1.200"]
port: 6379
key: systemd_log #写入到redis的key
logging.level: debug
logging.to_files: true
logging.files:
创建相关目录
mkdir /etc/journalbeat /data/journalbeat/home /data/log/journalbeat /data/journalbeat/data
cp journalbeat /usr/local/bin/
加入开机启动
cat /lib/systemd/system/journalbeat.service
[Unit]
Description = journalbeat service
Documentation = https://github.com/mheese/journalbeat/blob/master/README.md
Wants = network-online.target
After = network-online.target
[Service]
User = root
Group = root
Type = simple
ExecReload = /bin/kill -HUP $MAINPID
ExecStart = /usr/local/bin/journalbeat -c /etc/journalbeat/journalbeat.yml -path.home /data/journalbeat/home -path.config /etc/journalbeat -path.data /data/journalbeat/data -path.logs /data/log/journalbeat
BlockIOAccounting = True
CPUAccounting = True
MemoryAccounting = True
TasksAccounting = True
PrivateDevices = False
PrivateNetwork = False
PrivateTmp = True
PrivateUsers = True
Restart = on-failure
RestartSec = 2
Slice = system.slice
TimeoutSec = 120
[Install]
WantedBy = multi-user.target
启动服务
systemctl daemon-reload
systemctl restart journalbeat.service
参考文档 https://zhuanlan.zhihu.com/p/29515184
systems参考文档 http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-commands.html
