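- Client/server architecture [client: 172.16.210.13; server: 172.16.210.12]
- To install the plugins, both the client and the server need Ruby 2.2 or later; installing 2.5 is enough
Download the Ruby source from the official site, then ./configure --prefix=/usr && make && make install is all that is needed
Client:
# Plugins to install on the client
# Used to insert the tag into the path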
/opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-forest
# Used to rewrite the tag
/opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-rewrite-tag-filter
# Used to filter log content by regular expression
/opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-grep
# Used to modify the record
/opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-record-reformer
Client configuration:
chown -R td-agent:td-agent /var/log/nginx
[root@localhost td-agent]# cat td-agent.conf
<source>
@type tail
format ltsv
path /var/log/nginx/access.log
pos_file /var/log/td-agent/tmp/access.log.pos
tag nginx.access
time_key time
time_format %d/%b/%Y:%H:%M:%S %z
</source>
<match nginx.**>
@type forward
time_as_integer true ##BUG: without this line the server keeps reporting errors; it took a long time to track down, a big pitfall
<server>
host 172.16.210.12
port 24224
</server>
</match>
Note: the td-agent user needs permission on the nginx log directory, otherwise it cannot read the logs
The nginx log format was changed:
Add this log format to nginx.conf:
log_format ltsv "time:$time_local"
"\trealip:$remote_addr"
"\txffip:$http_x_forwarded_for"
"\treq:$request"
"\tstatus:$status"
"\tsize:$body_bytes_sent"
"\treferer:$http_referer"
"\tua:$http_user_agent"
"\treqtime:$request_time"
"\tvhost:$host";
access_log /var/log/nginx/access.log ltsv;
Server:
# Plugins to install on the server
/opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-forest
Server configuration:
mkdir -pv /data/fluentd && chown -R td-agent:td-agent /data/fluentd
[root@localhost td-agent]# cat td-agent.conf
<source>
@type forward
port 24224
bind 172.16.210.12
</source>
<match nginx.*>
@type file
time_slice_format %Y%m%d
path /data/fluentd/nginx.access.log
compress gzip # enable compression
flush_interval 10s
append true # automatically append new logs to the compressed file
</match>
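Verification:
Once the configuration is complete, access the client's nginx from a browser and check its access log. After a short wait, a compressed log file is created under /data/fluentd on the server; compare the two with gunzip -c xxx | less
New log entries are appended to this gzip-compressed file automatically, so the logs do not need to be compressed again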
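
To automate the comparison in the verification step, the following added example (not part of the original notes) parses the client's LTSV lines and reports any record missing from the server's gzip file. It assumes the server file uses out_file's default row layout (time, tag and JSON record separated by tabs) and that the time field is no longer in the record because of time_key; the helper names and sample lines are constructed.

```python
import gzip
import io
import json

def parse_ltsv(line):
    """Parse one line of the page's ltsv log_format into a dict."""
    record = {}
    for field in line.rstrip("\n").split("\t"):
        # Split on the first ':' only: the time and referer values contain colons.
        label, sep, value = field.partition(":")
        if not sep or not label:
            raise ValueError("malformed LTSV field: %r" % field)
        record[label] = value
    return record

def missing_on_server(client_lines, server_gz_bytes):
    """Return client records that do not appear in the server's gzip file."""
    # gzip reads every member of a file that 'append true' keeps extending.
    with gzip.open(io.BytesIO(server_gz_bytes), "rt", encoding="utf-8") as fh:
        # Assumed out_file default layout: time<TAB>tag<TAB>JSON record.
        received = [json.loads(row.split("\t", 2)[2]) for row in fh if row.strip()]
    missing = []
    for line in client_lines:
        record = parse_ltsv(line)
        record.pop("time", None)  # assumed: time_key is moved into the event time
        if record in received:
            received.remove(record)  # consume the match so duplicates are counted
        else:
            missing.append(record)
    return missing

def sample_line(when, path, status):
    # Constructed sample in the page's field order (not real traffic).
    return ("time:%s\trealip:172.16.210.1\txffip:-\treq:GET %s HTTP/1.1\tstatus:%s"
            "\tsize:612\treferer:http://172.16.210.13/\tua:curl/7.29.0"
            "\treqtime:0.000\tvhost:172.16.210.13" % (when, path, status))

CLIENT = [sample_line("10/Oct/2023:13:55:36 +0800", "/", "200"),
          sample_line("10/Oct/2023:13:55:40 +0800", "/a", "404"),
          sample_line("10/Oct/2023:13:55:41 +0800", "/b", "200")]

def sample_server_file(lines):
    # Constructed server file: one gzip member per flush, concatenated.
    out = b""
    for line in lines:
        record = {k: v for k, v in parse_ltsv(line).items() if k != "time"}
        row = "2023-10-10T13:55:36+08:00\tnginx.access\t%s\n" % json.dumps(record)
        out += gzip.compress(row.encode("utf-8"))
    return out
```

Calling missing_on_server(CLIENT, sample_server_file(CLIENT[:2])) returns the one record for /b that never reached the server; on real hosts, pass the lines of /var/log/nginx/access.log and the bytes of the file under /data/fluentd.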