Redmine의 production.log 모니터링
5252 단어 RedmineElasticsearch키바나Logstash
목적
Redmine의 성능 다운, 에러 등을 감시한다.
전제 조건
Redmine 서버
Redmine 서버
Elasticsearch/Kibana
모니터링 대상
/var/log/nginx/access.log
/usr/local/redmine/log/production.log
production.log의 해석 대상은 처리 시간, 스테이터스 코드를 포함한 3패턴으로 했다.
Rendered issues/index.html.erb within layouts/base (54.0ms)
Completed 200 OK in 31ms (Views: 1.2ms | ActiveRecord: 8.1ms)
Completed 302 Found in 487ms (ActiveRecord: 465.0ms)
Logstash 설정
/etc/logstash/conf.d/input.confinput {
file {
path => ["/var/log/nginx/access.log*"]
start_position => beginning
type => "nginx"
exclude => ["*.gz"]
}
file {
path => ["/usr/local/redmine/log/production.log"]
start_position => beginning
type => "redmine"
}
}
/etc/logstash/conf.d/filter.conffilter {
if [type] == "nginx" {
grok {
match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:forwarder} %{NUMBER:responsetime}"]
overwrite => [ "message" ]
}
date {
match=>["timestamp","dd/MMM/yyyy:HH:mm:ss Z"]
locale => us
remove_field => [ "timestamp" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
gsub => ["referrer","\"",""]
gsub => ["agent","\"",""]
gsub => ["forwarder","\"",""]
}
grok {
match => { "request" => "^/%{WORD:first_path}/%{GREEDYDATA}$" }
tag_on_failure => ["_request_parse_failure"]
}
if "_request_parse_failure" in [tags] {
mutate {
replace => {"first_path" => "/"}
}
} else {
mutate {
replace => {"first_path" => "/%{first_path}" }
}
}
useragent {
source => "agent"
}
}
if [type] == "redmine" {
grok {
match => {
"message" => [
" Rendered %{GREEDYDATA:access_path} .*\(%{NUMBER:rendering_time}ms\)",
"Completed %{NUMBER:response}.*in %{NUMBER:total_time}ms \(Views: %{NUMBER:view_time}ms \| ActiveRecord: %{NUMBER:active_record_time}ms\)",
"Completed %{NUMBER:response}.*in %{NUMBER:total_time}ms \(ActiveRecord: %{NUMBER:active_record_time}ms\)"
]
}
}
mutate {
convert => ["rendering_time", "float"]
convert => ["total_time", "float"]
convert => ["view_time", "float"]
convert => ["active_record_time", "float"]
}
}
}
/etc/logstash/conf.d/output.confoutput {
if "_grokparsefailure" not in [tags] {
if [type] == "nginx" {
elasticsearch {
hosts => ["search-XXXXXXXXXXXX.ap-northeast-1.es.amazonaws.com:443"]
ssl => true
index => "nginx-%{+YYYY.MM.dd}"
}
}
if [type] == "redmine" {
elasticsearch {
hosts => ["search-XXXXXXXXXXXX.ap-northeast-1.es.amazonaws.com:443"]
ssl => true
index => "redmine-%{+YYYY.MM.dd}"
}
}
}
}
기존의 유용 때문에 AmazonES 플러그인은 사용하지 않았다.
Elasticsearch 엔드포인트의 FQDN+ 포트 443, ssl 사용을 구성합니다.
Kibana 설정
Redmine_millisec
Rendered issues/index.html.erb within layouts/base (54.0ms)
Completed 200 OK in 31ms (Views: 1.2ms | ActiveRecord: 8.1ms)
Completed 302 Found in 487ms (ActiveRecord: 465.0ms)
/etc/logstash/conf.d/input.conf
input {
file {
path => ["/var/log/nginx/access.log*"]
start_position => beginning
type => "nginx"
exclude => ["*.gz"]
}
file {
path => ["/usr/local/redmine/log/production.log"]
start_position => beginning
type => "redmine"
}
}
/etc/logstash/conf.d/filter.conf
filter {
if [type] == "nginx" {
grok {
match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:forwarder} %{NUMBER:responsetime}"]
overwrite => [ "message" ]
}
date {
match=>["timestamp","dd/MMM/yyyy:HH:mm:ss Z"]
locale => us
remove_field => [ "timestamp" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
gsub => ["referrer","\"",""]
gsub => ["agent","\"",""]
gsub => ["forwarder","\"",""]
}
grok {
match => { "request" => "^/%{WORD:first_path}/%{GREEDYDATA}$" }
tag_on_failure => ["_request_parse_failure"]
}
if "_request_parse_failure" in [tags] {
mutate {
replace => {"first_path" => "/"}
}
} else {
mutate {
replace => {"first_path" => "/%{first_path}" }
}
}
useragent {
source => "agent"
}
}
if [type] == "redmine" {
grok {
match => {
"message" => [
" Rendered %{GREEDYDATA:access_path} .*\(%{NUMBER:rendering_time}ms\)",
"Completed %{NUMBER:response}.*in %{NUMBER:total_time}ms \(Views: %{NUMBER:view_time}ms \| ActiveRecord: %{NUMBER:active_record_time}ms\)",
"Completed %{NUMBER:response}.*in %{NUMBER:total_time}ms \(ActiveRecord: %{NUMBER:active_record_time}ms\)"
]
}
}
mutate {
convert => ["rendering_time", "float"]
convert => ["total_time", "float"]
convert => ["view_time", "float"]
convert => ["active_record_time", "float"]
}
}
}
/etc/logstash/conf.d/output.conf
output {
if "_grokparsefailure" not in [tags] {
if [type] == "nginx" {
elasticsearch {
hosts => ["search-XXXXXXXXXXXX.ap-northeast-1.es.amazonaws.com:443"]
ssl => true
index => "nginx-%{+YYYY.MM.dd}"
}
}
if [type] == "redmine" {
elasticsearch {
hosts => ["search-XXXXXXXXXXXX.ap-northeast-1.es.amazonaws.com:443"]
ssl => true
index => "redmine-%{+YYYY.MM.dd}"
}
}
}
}
기존의 유용 때문에 AmazonES 플러그인은 사용하지 않았다.
Elasticsearch 엔드포인트의 FQDN+ 포트 443, ssl 사용을 구성합니다.
Kibana 설정
Redmine_millisec
Redmine_err_count
※미리, 「response.keyword:/(4|5).*/」를 Search로서 등록
Reference
이 문제에 관하여(Redmine의 production.log 모니터링), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/ryouma_nagare/items/69e5efb4fbd5fcccc5eb텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)