ELK实时分析之php的laravel项目日志

最近因公司项目增多,且环境也越来复杂,开发人员找我查看错误日志越来越频繁,心里便念想到ELK,心之所想,念之所达,快来get一项新技能吧

1、系统架构组成

  1. laravel日志:日志源通过filebeat将日志写进redis中间件
  2. logstsh:logstash通过input将redis数据拿来分析,通过其filter模块分析所需要的语句,然后输出到elasticsearch
    3.elasticsearch 接收logstash发送过来的数据,并提供了一个分布式多用户能力的全文搜索引擎
  3. Kibana是一个优秀的前端日志展示框架,它可以非常详细的将日志转化为各种图表,为用户提供强大的数据可视化支持。

二、各个服务的ip地址

laravel: 172.18.109.227
redis: 172.18.215.207
elasticsearch: 172.18.215.207
kibana: 172.18.215.207

三、laravel日志服务器配置:

  1. 配置filebeat yum源文件
[elastic-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
  1. 安装filebeat
yum install filebeat
  1. 配置filebeat配置文件
...
#写入源
- input_type: log
  paths:
  - /var/www/html/*/storage/logs/laravel-2018-12-29.log
...
#输出至redis
output.redis:
  # Array of hosts to connect to.
  hosts: ["172.18.215.207:6379"]
  password: "***********"
  db: 0
  timeout: 5
  key: "php-01"

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

四、redis服务器

  1. 安装redis
yum install redis
  1. 配置redis
...
# bind 192.168.1.100 10.0.0.1
bind 172.18.215.207
# bind 127.0.0.1 ::1
#
...
# are explicitly listed using the "bind" directive.
protected-mode yes

# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379

# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
...
# use a very strong password otherwise it will be very easy to break.
#
requirepass ***********

# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it

五、配置logstash服务器

  1. 配置logstash yum源
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
  1. logstash配置文件
#
# Where to fetch the pipeline configuration for the main pipeline
#
path.config: /etc/logstash/conf.d
#
# Pipeline configuration string for the main pipeline
#
# config.string:
#
...
path.config: /etc/logstash/conf.d
#
...
http.host: "127.0.0.1"
#
# Bind port for the metrics REST endpoint, this option also accept a range
# (9600-9700) and logstash will pick up the first available ports.
#
# http.port: 9600-9700
#
# ------------ Debugging Settings --------------
#
# Options for log.level:
#   * fatal
#   * error
#   * warn
#   * info (default)
#   * debug
#   * trace
#
# log.level: info
path.logs: /var/log/logstash
#
...


vim /etc/logstash/conf.d/nginx.conf

# 从redis将数据取出
input {
  redis {
    type => "php-01"
    host => "172.18.215.207"
    port => "6379"
    db => "0"
    password => "*************"
    data_type => "list"
    key => "php-01"
  }
}


# 格式化laravel日志
filter {
   grok {
        match => [ "message","\[%{TIMESTAMP_ISO8601:logtime}\] %{WORD:env}\.(?<level>[A-Z]{4,5})\: %{GREEDYDATA:msg}}" ]
        }
}

output {
        #过滤level为ERROR的日志
        if [level] == "ERROR" {
         elasticsearch {
              hosts => ["127.0.0.1:9200"]
              index => "laravellog"
              user => "elastic"
              password => "changeme"
            }
        }

}

laravel的实例日志为

[2019-01-02 09:58:00] produce.INFO: {"code":200,"message":"成功","data":{"code":"1000","message":"成功"}}
[2019-01-02 10:00:03] produce.INFO: 不能充值的原因账户金额不够
[2019-01-02 10:00:03] produce.INFO: 不能充值的原因账户金额不够
[2019-01-02 10:00:03] produce.INFO: 不能充值的原因账户金额不够
[2019-01-02 10:00:34] produce.ERROR: cannot find user by this audience {"exception":"[object] (JPush\\Exceptions\\APIRequestException(code: 1011): cannot find user by this audience at /var/www/html/enjoyCarTask/vendor/jpush/jpush/src/JPush/Http.php:123)
[stacktrace]
#0 /var/www/html/enjoyCarTask/vendor/jpush/jpush/src/JPush/Http.php(16): JPush\\Http::processResp(Array)
#1 /var/www/html/enjoyCarTask/vendor/jpush/jpush/src/JPush/PushPayload.php(537): JPush\\Http::post(Object(JPush\\Client), 'https://api.jpu...', '{\"platform\":\"al...')
#2 /var/www/html/enjoyCarTask/vendor/ucar/push/Push/Jobs/JPush.php(89): JPush\\PushPayload->send()
#3 [internal function]: Ucar\\Push\\Jobs\\JPush->handle(Object(JPush\\Client))
#4 /var/www/html/enjoyCarTask/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(29): call_user_func_array(Array, Array)
#5 /var/www/html/enjoyCarTask/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(87): Illuminate\\Container\\BoundMethod::Illuminate\\Container\\{closure}()
#6 /var/www/html/enjoyCarTask/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(31): Illuminate\\Container\\BoundMethod::callBoundMethod(Object(Illuminate\\Foundation\\Application), Array, Object(Closure))
#7 /var/www/html/enjoyCarTask/vendor/laravel/framework/src/Illuminate/Container/Container.php(564): Illuminate\\Container\\BoundMethod::call(Object(Illuminate\\Foundation\\Application), Array, Array, NULL)

注意:我们只想把ERROR的信息提取出来,所以logstash的配置文件中把level 为ERROR的筛选了出来

六、配置elasticsearch服务器

  1. 配置elasticsearch yum源
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
  1. 安装elasticsearch
yum install -y elasticsearch
  1. 配置elasticsearch
chown -R elasticsearch:elasticsearch /data/es-data
chown -R elasticsearch:elasticsearch /var/log/elstic


vim /etc/elasticsearch/elasticsearch.yml
#
# Use a descriptive name for the node:
#
node.name: Elstic
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# 数据路径
path.data: /data/es-data
#

# Path to log files:
#日志路径
path.logs: /var/log/elstic
...
# 监听地址,设置为127,只保持本机访问
network.host: 127.0.0.1
#
# Set a custom port for HTTP:
#
# 监听的端口
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#

七、配置kibana服务

vim /etc/kibana/kibana.ym
# Kibana is served by a back end server. This setting specifies the port to use.
# 监听的端口
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
# 监听地址,使用内网地址,然后用nginx反代
server.host: "127.0.0.1"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
#server.basePath: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://localhost:9200"

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
....

八、使用nginx反代kibana

$ cat /etc/nginx/conf.d/elk.conf
server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name *********;

    ssl on;
        ssl_certificate "**************";
        ssl_certificate_key "/usr/local/certificate/************";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;
    #ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ########################################################################
    # from https://cipherli.st/                                            #
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
    ########################################################################
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    ##################################

    # 这里是反向代理到kibana服务 走http协议
    location / {
       proxy_pass   http://127.0.0.1:5601;
    }
}


#配置80端口重写443端口
server {
        listen 80;
        server_name *********;
        rewrite ^/(.*)$ https://*********/$1;
}

九、访问kibana配置索引


启动所以服务后再次访问kibana,查看效果。


大功告成~,以后可以让开发自己看错误日志咯


总结:

  • 此次因为服务器数量有限,(不敢在正式服务器上乱搞= =)只使用了两台服务器,php的laravel日志和filebeat服务一台,作为写入源,Redis,Elasticsearch、Logstash、Kibana,一台作为日志处理服务器,(如果做多台的话,监听地址需要改变)。跑一段时间确认没问题再上正式。
  • 监听的地址最好都使用内网地址,防止被攻击。

喜欢我写的东西的朋友可以关注一下我的公众号:Devops部落

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 203,098评论 5 476
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 85,213评论 2 380
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 149,960评论 0 336
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 54,519评论 1 273
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 63,512评论 5 364
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 48,533评论 1 281
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 37,914评论 3 395
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 36,574评论 0 256
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 40,804评论 1 296
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 35,563评论 2 319
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 37,644评论 1 329
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 33,350评论 4 318
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 38,933评论 3 307
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 29,908评论 0 19
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 31,146评论 1 259
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 42,847评论 2 349
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 42,361评论 2 342

推荐阅读更多精彩内容