Logstash深入收集Nginx日志
2022/9/8 5:23:03
本文主要是介绍Logstash深入收集Nginx日志,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
Logstash深入收集Nginx日志
安装nginx
[root@elkstack03 ~]# yum install -y nginx ## 主配置文件 [root@elkstack03 ~]# cat /etc/nginx/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; } ## 子配置文件 [root@elkstack03 ~]# vim /etc/nginx/conf.d/www.conf server{ listen 80; server_name _; root /code; index index.html; } [root@elkstack03 ~]# mkdir /code [root@elkstack03 ~]# echo 'test nginx' > /code/index.html [root@elkstack03 ~]# systemctl start nginx
将nginx日志改成Json格式
之前我们讲了tomcat日志,在企业中,修改格式需要与开发商量,但是nginx我们不需要,如果需要原来的格式日志,我们可以将日志输出两份,一份 main
格式,一份Json
格式
http{ ... log_format json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"ipaddr":"$remote_addr",' '"login_user":"$remote_user",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"url":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"status":"$status"}'; ... } [root@elkstack03 conf.d]# vim www.conf server{ listen 80; server_name www.zls.com; root /code; index index.html; access_log /var/log/nginx/www.zls.com_access_json.log json; } [root@elkstack03 conf.d]# cat /etc/nginx/conf.d/blog.conf server{ listen 80; server_name blog.zls.com; root /blog; index index.html; access_log /var/log/nginx/blog.zls.com_access_json.log json; }
使用Logstash收集nginx日志
[root@elkstack03 conf.d]# cat /etc/logstash/conf.d/nginx_file_es.conf input{ file{ type => "www.zls.com_access" path => "/var/log/nginx/www.zls.com_access_json.log" start_position => "beginning" } file{ type => "blog.zls.com_access" path => "/var/log/nginx/blog.zls.com_access_json.log" start_position => "beginning" } } filter{ json{ source => "message" remove_field => ["message"] } } output{ elasticsearch{ hosts => ["10.0.0.81:9200"] index => "%{type}-%{+yyyy.MM.dd}" codec => "json" } } [root@elkstack03 conf.d]# /usr/share/logstash/bin/logstash --path.data=/var/lib/logstash/nginx -f /etc/logstash/conf.d/nginx_file_es.conf &
这篇关于Logstash深入收集Nginx日志的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-12-13用Nginx防范DDoS攻击的那些事儿
- 2024-12-13用Terraform在AWS上搭建简单NGINX服务器指南
- 2024-10-29Nginx发布学习:从入门到实践的简单教程
- 2024-10-28Nginx发布:新手入门教程
- 2024-10-21nginx 怎么设置文件上传最大20M限制-icode9专业技术文章分享
- 2024-10-17关闭 nginx的命令是什么?-icode9专业技术文章分享
- 2024-09-17Nginx实用篇:实现负载均衡、限流与动静分离
- 2024-08-21宝塔nginx新增8022端口方法步骤-icode9专业技术文章分享
- 2024-08-21nginx配置,让ws升级为wss访问的方法步骤-icode9专业技术文章分享
- 2024-08-15nginx ws代理配置方法步骤-icode9专业技术文章分享