apt-get install tomcat8 -y # 安裝Tomcat本體
apt-get install tomcat8-docs tomcat8-examples tomcat8-admin -y # 安裝測(cè)試demo

systemctl start tomcat8 # 啟動(dòng)Tomcat
systemctl status tomcat8
netstat -lntup|grep 8080 # 端口測(cè)試
lsof -i:8080
# 端口檢查得到輸出
COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    4502 tomcat8   63u  IPv6 125026      0t0  TCP *:http-alt (LISTEN)

tail -f /var/log/tomcat8/localhost_access_log.2021-08-01.txt 

# 編輯配置文件
vim /etc/tomcat8/server.xml
#將以下內(nèi)容替換配置文件中135行對(duì)應(yīng)內(nèi)容
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".log"
               pattern="{&quot;client&quot;:&quot;%h&quot;,  &quot;client user&quot;:&quot;%l&quot;,   &quot;authenticated&quot;:&quot;%u&quot;,   &quot;access time&quot;:&quot;%t&quot;,     &quot;method&quot;:&quot;%r&quot;,   &quot;status&quot;:&quot;%s&quot;,  &quot;send bytes&quot;:&quot;%b&quot;,  &quot;Query?string&quot;:&quot;%q&quot;,  &quot;partner&quot;:&quot;%{Referer}i&quot;,  &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>
# 查看修改內(nèi)容
cat -n /etc/tomcat8/server.xml

# 先清空日志
> /var/log/tomcat8/localhost_access_log.2021-08-02.txt 
# 重新啟動(dòng)Tomcat
systemctl restart tomcat8
# 查看日志
root@master:/var/log/tomcat8# tail -f /var/log/tomcat8/localhost_access_log.2021-08-02.log  # 查看日志命令
{"client":"172.16.255.1", "client user":"-", "authenticated":"-", "access time":"[02/Aug/2021:02:23:55 +0000]", "method":"GET /examples/servlets/images/return.gif HTTP/1.1", "status":"200",  "send bytes":"1231",  "Query?string":"", "partner":"http://172.16.255.131:8080/examples/servlets/", "Agent version":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"}
{"client":"172.16.255.1", "client user":"-", "authenticated":"-", "access time":"[02/Aug/2021:02:23:57 +0000]", "method":"GET /examples/servlets/servlet/RequestParamExample HTTP/1.1", "status":"200",  "send bytes":"673",  "Query?string":"", "partner":"http://172.16.255.131:8080/examples/servlets/", "Agent version":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"}
{"client":"172.16.255.1", "client user":"-", "authenticated":"-", "access time":"[02/Aug/2021:02:24:01 +0000]", "method":"GET /host-manager/html HTTP/1.1", "status":"401",  "send bytes":"2044",  "Query?string":"", "partner":"http://172.16.255.131:8080/", "Agent version":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"}

# ================== Filebeat inputs ===============
# ------------------------------Tomcat----------------------------------
- type: log
  enabled: true
  paths:
    # - /var/log/tomcat8/localhost_access_log.2021-08-02.log
    # 為了能夠采集所有日期的日志，將文件名中的指定日期改成通配符`*`
    - /var/log/tomcat8/localhost_access_log.*.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]

# ================================== Outputs ===================================
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  hosts: ["172.16.255.131:9200"]
  indices:
      - index: "nginx-access-%{[agent.version]}-%{+yyyy.MM}"
        when.contains:
            tags: "access"
      - index: "nginx-error-%{[agent.version]}-%{+yyyy.MM}"
        when.contains:
            tags: "error"
# 在輸出配置中添加如下索引設(shè)置識(shí)別tomcat日志，值得注意的時(shí)這里不需要再重新編輯template設(shè)置，應(yīng)該pattern配置只在第一次使用時(shí)進(jìn)行匹配識(shí)別
      - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM}"
        when.contains:
            tags: "tomcat"

systemctl restart filebeat