初始化提交
This commit is contained in:
dxin
78
filebast/sit/filebeat.yml
Normal file
78
filebast/sit/filebeat.yml
Normal file
@@ -0,0 +1,78 @@
|
||||
setup.template.enabled: true
|
||||
setup.ilm.enabled: true
|
||||
setup.template.name: "sit-flymoonlog"
|
||||
setup.template.pattern: "sit-flymoonlog*"
|
||||
|
||||
|
||||
|
||||
#主配置文件加载子配置文件
|
||||
filebeat.config.inputs:
|
||||
enabled: true
|
||||
path: /etc/filebeat/inputs.d/*.yml
|
||||
reload.enabled: true
|
||||
reload.period: 10s
|
||||
|
||||
|
||||
|
||||
#处理器
|
||||
processors:
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
log_type: sys-info
|
||||
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{class_name} - [%{method},%{line}] - %{message}'
|
||||
field: "message"
|
||||
target_prefix: "parsed_sys_info"
|
||||
# - include_fields:
|
||||
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index" ]
|
||||
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
log_type: sys-error
|
||||
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{logger} - [%{method},%{line}] - %{message}'
|
||||
field: "message"
|
||||
target_prefix: "parsed_sys_error"
|
||||
# - include_fields:
|
||||
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.logger" ]
|
||||
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
log_type: sys-user
|
||||
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{module} - [%{method},%{line}] - %{message}'
|
||||
field: "message"
|
||||
target_prefix: "parsed_sys_user"
|
||||
# - include_fields:
|
||||
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
|
||||
|
||||
|
||||
|
||||
#输出
|
||||
output.elasticsearch:
|
||||
hosts: ["http://192.168.60.21:9200"]
|
||||
username: "admin"
|
||||
password: "123456"
|
||||
index: "sit-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
|
||||
bulk_max_size: 50 # 单批次传输最大文档数
|
||||
worker: 1 # 并行工作线程数
|
||||
timeout: 15s
|
||||
|
||||
|
||||
|
||||
# 日志记录
|
||||
logging.level: info
|
||||
logging.to_files: true
|
||||
logging.files:
|
||||
path: /var/log/filebeat
|
||||
name: filebeat.log
|
||||
keepfiles: 7
|
||||
permissions: 0644
|
||||
|
||||
|
||||
|
||||
# 设置队列和内存使用
|
||||
queue.mem:
|
||||
events: 1024
|
||||
flush.min_events: 512
|
||||
flush.timeout: 60s
|
||||
22
filebast/sit/fly-moon-payment.yml
Normal file
22
filebast/sit/fly-moon-payment.yml
Normal file
@@ -0,0 +1,22 @@
|
||||
- type: log
|
||||
id: pord01_fly-moon-agent
|
||||
enabled: true
|
||||
paths:
|
||||
- /root/logs/flymoon-agent/sys-info.log
|
||||
fields:
|
||||
application: flymoon-agent # 自定义字段,标识应用名称
|
||||
log_type: sys-info # 自定义字段,标识日志类型
|
||||
environment: pord01 # 自定义字段,标识机器环境名称
|
||||
fields_under_root: true
|
||||
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
|
||||
multiline.negate: true
|
||||
multiline.match: after
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
|
||||
|
||||
|
||||
72
filebast/sit/flymoon-admin.yml
Normal file
72
filebast/sit/flymoon-admin.yml
Normal file
@@ -0,0 +1,72 @@
|
||||
- type: filestream
|
||||
id: input_sit_flymoon-admin_sys-info
|
||||
enabled: true
|
||||
paths:
|
||||
- /root/logs/flymoon-admin/sys-info.log
|
||||
fields:
|
||||
application: flymoon-admin # 自定义字段,标识应用名称
|
||||
log_type: sys-info # 自定义字段,标识日志类型
|
||||
environment: sit # 自定义字段,标识机器环境名称
|
||||
fields_under_root: true
|
||||
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
|
||||
multiline.negate: true
|
||||
multiline.match: after
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-error
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-error.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-error # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-user
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-user.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-user # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
|
||||
|
||||
|
||||
#设置索引模版
|
||||
# setup.template.name: "sit-flymoon-admin"
|
||||
# setup.template.pattern: "sit-flymoon-admin*"
|
||||
|
||||
# output.elasticsearch:
|
||||
# hosts: ["http://192.168.60.21:9200"]
|
||||
# username: "admin"
|
||||
# password: "123456"
|
||||
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引
|
||||
72
filebast/sit/flymoon-partner.yml
Normal file
72
filebast/sit/flymoon-partner.yml
Normal file
@@ -0,0 +1,72 @@
|
||||
- type: filestream
|
||||
id: input_sit_flymoon-partner_sys-info
|
||||
enabled: true
|
||||
paths:
|
||||
- /root/logs/flymoon-partner/sys-info.log
|
||||
fields:
|
||||
application: flymoon-partner # 自定义字段,标识应用名称
|
||||
log_type: sys-info # 自定义字段,标识日志类型
|
||||
environment: sit # 自定义字段,标识机器环境名称
|
||||
fields_under_root: true
|
||||
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
|
||||
multiline.negate: true
|
||||
multiline.match: after
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-error
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-error.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-error # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-user
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-user.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-user # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
|
||||
|
||||
|
||||
#设置索引模版
|
||||
# setup.template.name: "sit-flymoon-admin"
|
||||
# setup.template.pattern: "sit-flymoon-admin*"
|
||||
|
||||
# output.elasticsearch:
|
||||
# hosts: ["http://192.168.60.21:9200"]
|
||||
# username: "admin"
|
||||
# password: "123456"
|
||||
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引
|
||||
72
filebast/sit/flymoon-task.yml
Normal file
72
filebast/sit/flymoon-task.yml
Normal file
@@ -0,0 +1,72 @@
|
||||
- type: filestream
|
||||
id: input_sit_flymoon-task_sys-info
|
||||
enabled: true
|
||||
paths:
|
||||
- /root/logs/flymoon-task/sys-info.log
|
||||
fields:
|
||||
application: flymoon-task # 自定义字段,标识应用名称
|
||||
log_type: sys-info # 自定义字段,标识日志类型
|
||||
environment: sit # 自定义字段,标识机器环境名称
|
||||
fields_under_root: true
|
||||
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
|
||||
multiline.negate: true
|
||||
multiline.match: after
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-error
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-error.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-error # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
# - type: filestream
|
||||
# id: input_sit_flymoon-admin_sys-user
|
||||
# enabled: true
|
||||
# paths:
|
||||
# - /root/logs/flymoon-admin/sys-user.log
|
||||
# fields:
|
||||
# application: flymoon-admin # 自定义字段,标识应用名称
|
||||
# log_type: sys-user # 自定义字段,标识日志类型
|
||||
# environment: sit # 自定义字段,标识机器环境名称
|
||||
# fields_under_root: true
|
||||
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
|
||||
# multiline.negate: true
|
||||
# multiline.match: after
|
||||
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
# scan_frequency: 10s # 定期扫描新文件的频率
|
||||
# clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
# close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
# close_renamed: true # 处理被重命名的文件
|
||||
# start_position: beginning # 从文件的开头读取
|
||||
|
||||
|
||||
|
||||
|
||||
#设置索引模版
|
||||
# setup.template.name: "sit-flymoon-admin"
|
||||
# setup.template.pattern: "sit-flymoon-admin*"
|
||||
|
||||
# output.elasticsearch:
|
||||
# hosts: ["http://192.168.60.21:9200"]
|
||||
# username: "admin"
|
||||
# password: "123456"
|
||||
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引
|
||||
Reference in New Issue
Block a user