1. 计算机技术网首页
  2. web服务器教学教程
  3. 网站安全

使用flume+kafka+storm构建实时日志分析系统网站安全分享!

网站安全 阅读 0


本文只会涉及flume和kafka的结合,kafka和storm的结合可以参考其他博客
1. flume安装使用
下载flume安装包http://www.apache.org/dyn/closer.cgi/flume/1.5.2/apache-flume-1.5.2-bin.tar.gz
解压$ tar -xzvf apache-flume-1.5.2-bin.tar.gz -C /opt/flume
flume配置文件放在conf文件目录下,执行文件放在bin文件目录下。
1)配置flume
进入conf目录将flume-conf.properties.template拷贝一份,并命名为自己需要的名字
$ cp flume-conf.properties.template flume.conf
修改flume.conf的内容,我们使用file sink来接收channel中的数据,channel采用memory channel,source采用exec source,配置文件如下:
agent.sources = seqGenSrcagent.channels = memoryChannelagent.sinks = loggerSink# For each one of the sources, the type is definedagent.sources.seqGenSrc.type = execagent.sources.seqGenSrc.command = tail -F /data/mongodata/mongo.log#agent.sources.seqGenSrc.bind = 172.168.49.130# The channel can be defined as follows.agent.sources.seqGenSrc.channels = memoryChannel# Each sink’s type must be definedagent.sinks.loggerSink.type = file_rollagent.sinks.loggerSink.sink.directory = /data/flume#Specify the channel the sink should useagent.sinks.loggerSink.channel = memoryChannel# Each channel’s type is defined.agent.channels.memoryChannel.type = memory# Other config values specific to each type of channel(sink or source)# can be defined as well# In this case, it specifies the capacity of the memory channelagent.channels.memoryChannel.capacity = 1000agent.channels.memory4log.transactionCapacity = 100 2)运行flume agent
切换到bin目录下,运行一下命令:
$ ./flume-ng agent –conf ../conf -f ../conf/flume.conf –n agent -Dflume.root.logger=INFO,console
在/data/flume目录下可以看到生成的日志文件。

2. 结合kafka
由于flume1.5.2没有kafka sink,所以需要自己开发kafka sink
可以参考flume 1.6里面的kafka sink,但是要注意使用的kafka版本,由于有些kafka api不兼容的
这里只提供核心代码,process()内容。

Sink.Status status = Status.READY;

Channel ch = getChannel();
Transaction transaction = null;
Event event = null;
String eventTopic = null;
String eventKey = null;

try {
transaction = ch.getTransaction();
transaction.begin();
messageList.clear();

if (type.equals(“sync”)) {
event = ch.take();

if (event != null) {
byte[] tempBody = event.getBody();
String eventBody = new String(tempBody,”UTF-8″);
Map<String, String> headers = event.getHeaders();

if ((eventTopic = headers.get(TOPIC_HDR)) == null) {
eventTopic = topic;
}

eventKey = headers.get(KEY_HDR);

if (logger.isDebugEnabled()) {
logger.debug(“{Event} ” + eventTopic + ” : ” + eventKey + ” : ”
+ eventBody);
}

ProducerData<String, Message> data = new ProducerData<String, Message>
(eventTopic, new Message(tempBody));

long startTime = System.nanoTime();
logger.debug(eventTopic+”++++”+eventBody);
producer.send(data);
long endTime = System.nanoTime(); }
} else {
long processedEvents = 0;
for (; processedEvents < batchSize; processedEvents += 1) {
event = ch.take();

if (event == null) {
break;
}

byte[] tempBody = event.getBody();
String eventBody = new String(tempBody,”UTF-8″);
Map<String, String> headers = event.getHeaders();

if ((eventTopic = headers.get(TOPIC_HDR)) == null) {
eventTopic = topic;
}

eventKey = headers.get(KEY_HDR);

if (logger.isDebugEnabled()) {
logger.debug(“{Event} ” + eventTopic + ” : ” + eventKey + ” : ”
+ eventBody);
logger.debug(“event #{}”, processedEvents);
}

// create a message and add to buffer
ProducerData<String, String> data = new ProducerData<String, String>
(eventTopic, eventBody);
messageList.add(data);
}

// publish batch and commit.
if (processedEvents > 0) {
long startTime = System.nanoTime(); long endTime = System.nanoTime(); }
}

transaction.commit();
} catch (Exception ex) {
String errorMsg = “Failed to publish events”;
logger.error(“Failed to publish events”, ex);
status = Status.BACKOFF;
if (transaction != null) {
try {
transaction.rollback(); } catch (Exception e) {
logger.error(“Transaction rollback failed”, e);
throw Throwables.propagate(e);
}
}
throw new EventDeliveryException(errorMsg, ex);
} finally {
if (transaction != null) {
transaction.close();
}
}

return status; 下一步,修改flume配置文件,将其中sink部分的配置改成kafka sink,如:

producer.sinks.r.type = org.apache.flume.sink.kafka.KafkaSink
producer.sinks.r.brokerList = bigdata-node00:9092
producer.sinks.r.requiredAcks = 1
producer.sinks.r.batchSize = 100
#producer.sinks.r.kafka.producer.type=async
#producer.sinks.r.kafka.customer.encoding=UTF-8
producer.sinks.r.topic = testFlume1 type指向kafkasink所在的完整路径
下面的参数都是kafka的一系列参数,最重要的是brokerList和topic参数

现在重新启动flume,就可以在kafka的对应topic下查看到对应的日志


本文只会涉及flume和kafka的结合,kafka和storm的结合可以参考其他博客
1. flume安装使用
下载flume安装包https://www.apache.org/dyn/closer.cgi/flume/1.5.2/apache-flume-1.5.2-bin.tar.gz
解压$ tar -xzvf apache-flume-1.5.2-bin.tar.gz -C /opt/flume
flume配置文件放在conf文件目录下,执行文件放在bin文件目录下。
1)配置flume
进入conf目录将flume-conf.properties.template拷贝一份,并命名为自己需要的免费精选名字大全
$ cp flume-conf.properties.template flume.conf
修改flume.conf的内容,我们使用file sink来接收channel中的数据,channel采用memory channel,source采用exec source,配置文件如下:

  1. agent.sources = seqGenSrc
  2. agent.channels = memoryChannel
  3. agent.sinks = loggerSink
  5. # For each one of the sources, the type is defined
  6. agent.sources.seqGenSrc.type = exec
  7. agent.sources.seqGenSrc.command = tail -F /data/mongodata/mongo.log
  8. #agent.sources.seqGenSrc.bind = 172.168.49.130
  10. # The channel can be defined as follows.
  11. agent.sources.seqGenSrc.channels = memoryChannel
  13. # Each sink's type must be defined
  14. agent.sinks.loggerSink.type = file_roll
  15. agent.sinks.loggerSink.sink.directory = /data/flume
  17. #Specify the channel the sink should use
  18. agent.sinks.loggerSink.channel = memoryChannel
  20. # Each channel's type is defined.
  21. agent.channels.memoryChannel.type = memory
  23. # Other config values specific to each type of channel(sink or source)
  24. # can be defined as well
  25. # In this case, it specifies the capacity of the memory channel
  26. agent.channels.memoryChannel.capacity = 1000
  27. agent.channels.memory4log.transactionCapacity = 100

2)运行flume agent
切换到bin目录下,运行一下命令:
$ ./flume-ng agent –conf ../conf -f ../conf/flume.conf –n agent -Dflume.root.logger=INFO,console
在/data/flume目录下可以看到生成的日志文件。

2. 结合kafka
由于flume1.5.2没有kafka sink,所以需要自己开发kafka sink
可以参考flume 1.6里面的kafka sink,但是要注意使用的kafka版本,由于有些kafka api不兼容的
这里只提供核心代码,process()内容。

  1. Sink.Status status = Status.READY;
     

  3. Channel ch = getChannel();
  4. Transaction transaction = null;
  5. Event event = null;
  6. String eventTopic = null;
  7. String eventKey = null;

  9. try {
  10. transaction = ch.getTransaction();
  11. transaction.begin();
  12. messageList.clear();

  14. if (type.equals("sync")) {
  15. event = ch.take();

  17.  if (event != null) {
  18.         byte[] tempBody = event.getBody();
  19.  String eventBody = new String(tempBody,"UTF-8");
  20.  Map<String, String> headers = event.getHeaders();

  22.  if ((eventTopic = headers.get(TOPIC_HDR)) == null) {
  23.           eventTopic = topic;
  24.  }

  26.         eventKey = headers.get(KEY_HDR);

  28.  if (logger.isDebugEnabled()) {
  29.  logger.debug("{Event} " + eventTopic + " : " + eventKey + " : "
  30.  + eventBody);
  31.  }
  32.  
  33.         ProducerData<String, Message> data = new ProducerData<String, Message>
  34.  (eventTopic, new Message(tempBody));
  35.  
  36.  long startTime = System.nanoTime();
  37.  logger.debug(eventTopic+"++++"+eventBody);
  38.         producer.send(data);
  39.  long endTime = System.nanoTime(); 
  40.  }
  41. } else {
  42. long processedEvents = 0;
  43. for (; processedEvents < batchSize; processedEvents += 1) {
  44. event = ch.take();

  46.  if (event == null) {
  47.  break;
  48.  }

  50.  byte[] tempBody = event.getBody();
  51.  String eventBody = new String(tempBody,"UTF-8");
  52.  Map<String, String> headers = event.getHeaders();

  54.  if ((eventTopic = headers.get(TOPIC_HDR)) == null) {
  55.           eventTopic = topic;
  56.  }

  58.         eventKey = headers.get(KEY_HDR);

  60.  if (logger.isDebugEnabled()) {
  61.  logger.debug("{Event} " + eventTopic + " : " + eventKey + " : "
  62.  + eventBody);
  63.  logger.debug("event #{}", processedEvents);
  64.  }

  66.  // create a message and add to buffer
  67.         ProducerData<String, String> data = new ProducerData<String, String>
  68.  (eventTopic, eventBody);
  69.         messageList.add(data);
  70. }

  72. // publish batch and commit.
  73.  if (processedEvents > 0) {
  74.  long startTime = System.nanoTime(); 
  75.  long endTime = System.nanoTime(); 
  76.  }
  77. }

  79. transaction.commit();
  80. } catch (Exception ex) {
  81. String errorMsg = "Failed to publish events";
  82. logger.error("Failed to publish events", ex);
  83. status = Status.BACKOFF;
  84. if (transaction != null) {
  85. try {
  86. transaction.rollback(); 
  87. } catch (Exception e) {
  88. logger.error("Transaction rollback failed", e);
  89. throw Throwables.propagate(e);
  90. }
  91. }
  92. throw new EventDeliveryException(errorMsg, ex);
  93. } finally {
  94. if (transaction != null) {
  95. transaction.close();
  96. }
  97. }

  99. return status;

下一步,修改flume配置文件,将其中sink部分的配置改成kafka sink,如:

  1. producer.sinks.r.type = org.apache.flume.sink.kafka.KafkaSink
     
  2. producer.sinks.r.brokerList = bigdata-node00:9092
  3. producer.sinks.r.requiredAcks = 1
  4. producer.sinks.r.batchSize = 100
  5. #producer.sinks.r.kafka.producer.type=async
  6. #producer.sinks.r.kafka.customer.encoding=UTF-8
  7. producer.sinks.r.topic = testFlume1

type指向kafkasink所在的完整路径
下面的参数都是kafka的一系列参数,最重要的是brokerList和topic参数

现在重新启动flume,就可以在kafka的对应topic下查看到对应的日志

www.dengb.comtruehttps://www.dengb.com/wzaq/1109722.htmlTechArticle使用flume+kafka+storm构建实时日志分析系统 本文只会涉及flume和kafka的结合,kafka和storm的结合可以参考其他博客 1. flume安装使用 下载flume安装…

—-想了解更多的网站安全相关处理怎么解决关注<计算机技术网(www.ctvol.com)!!>

本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。

ctvol管理联系方式QQ:251552304

本文章地址:https://www.ctvol.com/webstt/websy/96109.html

(0)
0
上一篇 2020年4月26日
下一篇 2020年4月26日

精彩推荐