API接口：

软件内部代码之间通信的接口 代码的连接点

端口是对外提供访问程序的内容接口

filebeat：

1、可以在本机收集日志

2、也可以远程收集日志

3、轻量级的日志收集系统，可以在非java环境运行

logstash是在jvm环境中运行，资源消耗很好，启动一个logstash要消耗500M左右的内存

filebeat只消耗10M左右的内存

5044 是logstash默认的端口

只要是logstash主机上没有被占用的端口都可以使用。大于1024都可以。

 nohup ./filebeat -e -c filebeat.yml > filebeat.out &

-e：输出到标准输出

-c：指定配置文件

nohup：在系统的后台运行，不会因为中端的关闭导致程序停止运行

可以把运行的日志保存到指定文件夹

apach日志可视化的操作：

yum -y install httpd
[root@apache conf.d]# cd /etc/logstash/conf.d/
[root@apache conf.d]# vim httd.conf
input {file{path => "/etc/httpd/logs/access_log"type => "access"start_position => "beginning"}file{path => "/etc/httpd/logs/error_log"type => "error"start_position => "beginning"}
}
output {if [type] == "access" {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "apache_access.%{+YYYY.MM.dd}"}}if [type] == "error" {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "apache_error.%{+YYYY.MM.dd}"}}
​
}
[root@apache conf.d]# logstash -f http.conf --path.data /opt/test3 &

nginx日志可视化的操作：

[root@test3 opt]# rz -E
rz waiting to receive.
#将这个filebeat-6.7.2-linux-x86_64.tar.gz放到nginx的opt目录下
[root@test3 opt]# tar -xf filebeat-6.7.2-linux-x86_64.tar.gz 
[root@test3 opt]# mv filebeat-6.7.2-linux-x86_64 /usr/local/filebeat
[root@test3 filebeat]# cp filebeat.yml filebeat.yml.bak
[root@test3 filebeat]# vim filebeat.yml21 - type: log22   enabled: true23   paths:24     - /usr/local/nginx/logs/access.log25     - /usr/local/nginx/logs/error.log26 #开启日志收集，以及确定日志文本的路径，指定标签和发送到目标主机的logstash27   tags: ["nginx"]28   fields:29      service_name: 192.168.60.30_nginx30      log_type: nginx31      from: 192.168.60.30
151 #output.elasticsearch:          #将151行注释
153  # hosts: ["localhost:9200"]    #将153行注释
164 output.logstash:                #将164行取消注释
166   hosts: ["localhost:5045"]     #将166行取消注释
#进入Apach主机下的conf,d目录下
[root@apache conf.d]# vim nginx_30.conf 
input {beats { port => "5045"}
}
output {if "nginx" in [tags] {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}
}
[root@test3 filebeat]# nohup ./filebeat -e -c filebeat.yml > filebeat.out &     #先去nginx起
[root@apache ~]# logstash -f nginx_30.conf --path.data /opt/test4 &         

mysql+nginx+http的日志可视化操作：

[root@mysql1 ~]# vim /etc/my.cnf        #将mysql的日志文件打开
general_log=ON
general_log_file=/usr/local/mysql/data/mysql_general.log
[root@mysql1 ~]# yum -y install httpd nginx
[root@mysql1 ~]# vim /etc/nginx/nginx.conf39         listen       82;            #将39行的端口更改，防止端口冲突40 #        listen       [::]:80;      #将40行注释
[root@mysql1 ~]# systemctl restart mysqld       #将3个服务起来
[root@mysql1 ~]# systemctl restart nginx
[root@mysql1 ~]# systemctl restart httpd
[root@mysql1 ~]# cd /opt/
[root@mysql1 opt]# rz -E
rz waiting to receive.
[root@mysql1 opt]# ls
filebeat-6.7.2-linux-x86_64.tar.gz  
[root@mysql1 opt]# tar -xf filebeat-6.7.2-linux-x86_64.tar.gz 
[root@mysql1 opt]# mv filebeat-6.7.2-linux-x86_64 filebeat
[root@mysql1 opt]# cd filebeat/
[root@mysql1 filebeat]# cp filebeat.yml filebeat.yml.bak
[root@mysql1 filebeat]# vim filebeat.yml21 - type: log22   enabled: true23   paths:24     - /var/log/nginx/access.log25     - /var/log/nginx/error.log26 tags: ["nginx"]27 fields:28    service_name: 192.168.60.91_nginx29    log_type: nginx30    from: 192.168.60.9131 32 - type: log33   enabled: true34   paths:35     - /var/log/httpd/access_log36     - /var/log/httpd/error_log37 tags: ["httpd"]38 fields:39    service_name: 192.168.60.91_httpd40    log_type: httpd41    from: 192.168.60.9142 43 - type: log44   enabled: true45   paths:46     - /usr/local/mysql/data/mysql_general.log47 tags: ["mysqld"]48 fields:49    service_name: 192.168.60.91_mysqld50    log_type: mysqld51    from: 192.168.60.91
171 #output.elasticsearch:              #将171行注释
173  # hosts: ["localhost:9200"]        #将173行注释
184 output.logstash:                    #将184行取消注释
186   hosts: ["192.168.60.91:5044"]
[root@apache conf.d]# cd /etc/logstash/conf.d
[root@apache conf.d]# vim nmh.conf
input { beats { port => "5047"}
}
output {if "nginx" in [tags] {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}if "mysqld" in [tags] {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}if "httpd" in [tags] {elasticsearch {hosts => ["192.168.60.82:9200","192.168.60.83:9200"]index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"}}
​
}
[root@mysql1 filebeat]# nohup ./filebeat -e -c filebeat.yml > filebeat.out &
[root@apache conf.d]# logstash -f nmh.conf --path.data /opt/test7 &