更改filebast

2025-12-11 11:11:16 +08:00
parent 8288aad918
commit 7ad9956c5d
11 changed files with 269 additions and 16 deletions
--- a/ES/单节点/安装es.conf
+++ b/ES/单节点/安装es.conf
@@ -0,0 +1,143 @@
 # 前置 & 准备工作
 sudo dnf update -y
 sudo dnf install -y nano wget curl unzip
 # 安全组防火墙开放9200端口、5601端口
 # 安装 Elasticsearch 9.2.2
 # 导入官方 GPG key
 sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
 # 新建 yum repo 文件
 sudo tee /etc/yum.repos.d/elasticsearch.repo <<-'EOF'
 [elasticsearch]
 name=Elasticsearch repository for 9.x packages
 baseurl=https://artifacts.elastic.co/packages/9.x/yum
 gpgcheck=1
 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1
 autorefresh=1
 type=rpm-md
 EOF
 # 安装 Elasticsearch：
 sudo dnf install elasticsearch --enablerepo=elasticsearch
 # 先不管直接启动、报错再查看日志，有可能是权限问题
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch
 sudo systemctl start elasticsearch
 sudo systemctl status elasticsearch
 sudo journalctl -u elasticsearch -f
 # 手动创建日志目录 + 设置权限
 sudo mkdir -p /usr/share/elasticsearch/logs
 sudo chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs
 sudo chmod 750 /usr/share/elasticsearch/logs
 # 设置 elastic 超级用户密码 (推荐立即设定)：
 sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
 # 查看自签名证书，有则正常
 ll /etc/elasticsearch/certs/
 # 查看 HTTP CA 证书指纹（用于其他客户端配置）
 sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
 # 设置环境变量（替换为你的实际密码）
 export ELASTIC_PASSWORD='MyElastic123!'
 # 测试 HTTPS 请求（必须用 --cacert，因启用了 TLS）
 curl --cacert /etc/elasticsearch/certs/http_ca.crt \
     -u elastic:$ELASTIC_PASSWORD \
     https://localhost:9200
 # 查看默认的配置文件
 grep -v '^\s*#\|^\s*$'   /etc/elasticsearch/elasticsearch.yml
 # 按实际情况修改配置文件集群名、非本地访问等
 cluster.name: my-test-es
 path.data: /var/lib/elasticsearch
 path.logs: /var/log/elasticsearch
 network.host: 0.0.0.0
 xpack.security.enabled: true
 xpack.security.enrollment.enabled: true
 xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
 xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
 cluster.initial_master_nodes: ["weblessie-server-02"]
 http.host: 0.0.0.0
 # 更改es的jvm大小
 vim  /etc/elasticsearch/jvm.options
 -Xms4g
 -Xmx4g
 # 重启
 sudo systemctl restart elasticsearch
 # 准备token，后续在Kibana中使用
 sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
 # 准备安装 Kibana 9.2.2
 # 新建 repo /etc/yum.repos.d/kibana.repo
 sudo tee /etc/yum.repos.d/kibana.repo <<-'EOF'
 [kibana]
 name=Kibana repository for 9.x packages
 baseurl=https://artifacts.elastic.co/packages/9.x/yum
 gpgcheck=1
 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1
 autorefresh=1
 type=rpm-md
 EOF
 # 安装 Kibana：
 sudo dnf install kibana --enablerepo=kibana
 # 启动
 sudo systemctl daemon-reload
 sudo systemctl enable --now kibana
 # 访问 Kibana，输入生成的token
 http://ip:5601
 # 获取 “verification code”
 /usr/share/kibana/bin/kibana-verification-code
 # 使用官方工具生成加密密钥（最规范）
 sudo /usr/share/kibana/bin/kibana-encryption-keys generate --force
 # 输出应类似：
 # ✔ Encryption keys generated and written to /etc/kibana/kibana.yml:
 #     xpack.encryptedSavedObjects.encryptionKey
 #     xpack.reporting.encryptionKey
 #     xpack.security.encryptionKey
 # 修改配置文件
 grep -v '^\s*#\|^\s*$'   /etc/kibana/kibana.yml
 server.host: "0.0.0.0"
 logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
 pid.file: /run/kibana/kibana.pid
 i18n.locale: "zh-CN"
 elasticsearch.hosts: [https://10.0.0.38:9200]
 elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3NjUzNDE4OTI3MjY6Um9KdUo2N1hSZVNPeGNzOXFDaUh2dw
 elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1765341893683.crt]
 xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: [https://10.0.0.38:9200], ca_trusted_fingerprint: 80af64db043e12ebda11c10f70042af91306a705fdcb6285814a84b420c734a5}]
 xpack.encryptedSavedObjects.encryptionKey: f10166c761265d5ca61e7fa2c1acac73
 xpack.reporting.encryptionKey: 1772a5152522675d5a38470e905b2817
 xpack.security.encryptionKey: d4b30e82e47f530a998e29cb0b8e5295
--- a/ES/单节点/证书使用示例.conf
+++ b/ES/单节点/证书使用示例.conf
@@ -0,0 +1,41 @@
 # 获取ES 的证书指纹
 sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
 sha256 Fingerprint=80:AF:64:DB:04:3E:12:EB:DA:11:C1:0F:70:04:2A:F9:13:06:A7:05:FD:CB:62:85:81:4A:84:B4:20:C7:34:A5
 # kibana web创建的用户
 admin
 G7ZSKFM4AQwHQpwA
 # Filebeat 
 output.elasticsearch:
  hosts: ["https://49.51.33.153:9200"]
  username: "elastic"
  password: "-0NiIBOJGn2CATuPWzNc"
  # 用指纹验证（代替证书文件）
  ssl.verification_mode: "certificate"
  ssl.certificate_authorities: []   # 留空（不校验完整链）
  ssl.supported_protocols: [TLSv1.2, TLSv1.3]
  # 关键：指定 CA 指纹（必须全大写，无 0x，带冒号）
  ssl.ca_trusted_fingerprint: "80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5"
 # python
 from elasticsearch import Elasticsearch
 es = Elasticsearch(
    hosts=["https://49.51.33.153:9200"],
    basic_auth=("elastic", "-0NiIBOJGn2CATuPWzNc"),
    # 指纹必须去掉冒号，全大写
    ssl_assert_fingerprint="80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5",
    verify_certs=True  # 必须为 True
 )
 print(es.info())
--- a/filebast/us-prod-01/filebeat.yml
+++ b/filebast/us-prod-01/filebeat.yml
@@ -18,11 +18,11 @@ processors:
      when:
        equals:
          log_type: admin.log 
-      tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
+      tokenizer: '%{timestamp} %{level} %{pid} --- \\[%{thread}\\] %{class} : %{message}'
      field: "message"
-      target_prefix: "parsed_sys_info"
+      target_prefix: "mylog"
      ignore_missing: true
-      overwrite_keys: false
+      overwrite_keys: true
--- a/filebast/us-prod-01/flymoon-admin.yml
+++ b/filebast/us-prod-01/flymoon-admin.yml
@@ -2,14 +2,14 @@
  id: us_pord_01_flymoon-admin
  enabled: true
  paths:
-    - /root/logs/flymoon-admin/sys-info.log
+    - /root/logs/flymoon-admin/app.log
  fields:
    application: flymoon-admin  # 自定义字段，标识应用名称
    log_type: admin.log  # 自定义字段，标识日志类型
    environment: us-pord    # 自定义字段，标识机器环境名称
    instance: us-prod-01  # 自定义字段，标识机器名称
  fields_under_root: true
-  multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
+  multiline.pattern: '^\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}\.\d{3}'
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h   # 忽略旧日志文件（避免处理已归档的日志）
--- a/filebast/us-prod-02/filebeat.yml
+++ b/filebast/us-prod-02/filebeat.yml
@@ -27,7 +27,7 @@ processors:
      when:
        equals:
          log_type: email.log
-      tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
+      tokenizer: '%{timestamp} %{level} %{pid} --- \\[%{thread}\\] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
@@ -37,7 +37,7 @@ processors:
      when:
        equals:
          log_type: agent.log
-      tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
+      tokenizer: '%{date} %{time} %{level}  %{pid} --- [%{thread}] %{class->} : [%{app}] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
@@ -45,6 +45,7 @@ processors:
 #输出
 output.elasticsearch:
  hosts: ["http://106.53.194.199:9200"]
--- a/filebast/us-prod-02/flymoon-agent.yml
+++ b/filebast/us-prod-02/flymoon-agent.yml
@@ -9,7 +9,7 @@
    environment: us-pord    # 自定义字段，标识机器环境名称
    instance: us-prod-02  # 自定义字段，标识机器名称
  fields_under_root: true
-  multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
+  multiline.pattern: '^\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}\.\d{3}'
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h   # 忽略旧日志文件（避免处理已归档的日志）
--- a/filebast/us-prod-02/flymoon-email.yml
+++ b/filebast/us-prod-02/flymoon-email.yml
@@ -20,4 +20,3 @@
  start_position: beginning   # 从文件的开头读取
--- a/filebast/us-prod-03/filebeat.yml
+++ b/filebast/us-prod-03/filebeat.yml
@@ -25,18 +25,20 @@ processors:
  - dissect:
      when:
        equals:
-          log_type: payment.log
+          log_type: agent.log
-      tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}'
+      tokenizer: '%{date} %{time} %{level}  %{pid} --- [%{thread}] %{class->} : [%{app}] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
      overwrite_keys: true
  - dissect:
      when:
        equals:
-          log_type: agent.log
+          log_type: payment.log
-      tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
+      tokenizer: '%{date} %{time} %{level}  %{pid} --- [%{thread}] %{class->} : [%{app}] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
@@ -44,6 +46,7 @@ processors:
 #输出
 output.elasticsearch:
  hosts: ["http://106.53.194.199:9200"]
--- a/filebast/us-prod-03/flymoon-agent.yml
+++ b/filebast/us-prod-03/flymoon-agent.yml
@@ -9,7 +9,7 @@
    environment: us-pord    # 自定义字段，标识机器环境名称
    instance: us-prod-03  # 自定义字段，标识机器名称
  fields_under_root: true
-  multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
+  multiline.pattern: '^\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}\.\d{3}'
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h   # 忽略旧日志文件（避免处理已归档的日志）
--- a/filebast/us-prod-03/flymoon-payment.yml
+++ b/filebast/us-prod-03/flymoon-payment.yml
@@ -2,14 +2,14 @@
  id: us_pord_03_flymoon-payment
  enabled: true
  paths:
-    - /root/logs/flymoon-payment/sys-info.log
+    - /root/logs/flymoon-payment/app.log
  fields:
    application: flymoon-payment
    log_type: payment.log
    environment: us-pord
    instance: us-prod-03
  fields_under_root: true
-  multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}'
+  multiline.pattern: '^\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}\.\d{3}'
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h   # 忽略旧日志文件（避免处理已归档的日志）
--- a/jenkins/流水线配置/lessie-profile-test-web.conf
+++ b/jenkins/流水线配置/lessie-profile-test-web.conf
@@ -0,0 +1,66 @@
 pipeline {
    agent any
    parameters {
        gitParameter(
            branchFilter: 'origin/(.*)',
            defaultValue: 'release',
            name: 'GIT_BRANCH',
            type: 'PT_BRANCH_TAG',
            selectedValue: 'DEFAULT',
            sortMode: 'NONE',
            description: '选择代码分支: ',
            quickFilterEnabled: true,
            tagFilter: '*',
            listSize: "5"
        )
    }
    environment {
        REMOTE_HOST = '192.168.70.15'
        REMOTE_PROJECT_PATH = '/data/webapps/lessie-react'
    }
    stages {
        stage('Checkout 代码') {
            steps {
                git branch: "${params.GIT_BRANCH}", credentialsId: 'fly_gitlab_auth', url: 'http://172.24.16.20/web/lessie-react.git'
            }
        }
        stage('同步') {
            steps {
                sh """
                    ssh ${REMOTE_HOST} 'mkdir -p ${REMOTE_PROJECT_PATH}'
                    rsync -avz --delete --exclude='node_modules' ${WORKSPACE}/ ${REMOTE_HOST}:${REMOTE_PROJECT_PATH}/
                """
            }
        }
        stage('安装启动') {
            steps {
                sh """
                    ssh ${REMOTE_HOST} '
                        cd ${REMOTE_PROJECT_PATH} &&
                        pm2 delete lessie-react || true &&
                        pm2 list &&
                        nvm use 22.21.1 &&
                        npm install &&
                        npm run build &&
                        pm2 start ecosystem.config.cjs &&
                        pm2 save
                    '
                """
            }
        }
    }
    post {
        success {
            echo '部署成功'
        }
        failure {
            echo '部署失败，请检查日志'
        }
    }
 }
`@@ -20,4 +20,3 @@`
	`start_position: beginning # 从文件的开头读取`	`start_position: beginning # 从文件的开头读取`