作者:手机用户26536338_53 | 来源:互联网 | 2023-09-10 13:35
五、ELK分析Nginx日志
1、修改nginx服务器log_format格式
# Keep a copy of the working config so the change can be rolled back.
cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
# Edit the log_format directive (http context). After saving, check the syntax
# with `nginx -t` and reload nginx so the new format is actually written.
vim /usr/local/nginx/conf/nginx.conf
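# The Logstash grok pattern that parses this log expects the virtual host as the
# first field and the request duration as the last one, so $http_host and
# $request_time are added to the stock "main" format. Without them every line
# fails to parse and is only tagged _grokparsefailure.
# Host, request line, Referer, User-Agent and X-Forwarded-For are supplied by the
# client: treat those fields as untrusted when searching or alerting on them.
log_format main '$http_host $remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time';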
2、Nginx服务器安装配置Logstash
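# Install
# yum does not check signatures on local package files unless localpkg_gpgcheck
# is enabled, so verify the RPM against Elastic's signing key before installing.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
rpm -K logstash-6.2.3.rpm
yum localinstall logstash-6.2.3.rpm -y
# Configure
vim /etc/logstash/logstash.yml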
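# http.host is the bind address of Logstash's monitoring API (port 9600 by
# default), not of any log input. Shipping logs to Elasticsearch does not need it,
# and the API in this release has no authentication of its own, so keep it on
# loopback. Bind an internal address (and firewall it) only if remote monitoring
# is really required.
http.host: "127.0.0.1"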
vim /etc/logstash/conf.d/nginx_log.conf
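input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    # On first run read the existing file from the top; later runs resume from
    # the position Logstash recorded for the file.
    start_position => "beginning"
    type => "nginx"
  }
}
filter {
  # Expected line layout:
  #   $http_host $remote_addr - $remote_user [$time_local] "$request" $status
  #   $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $request_time
  # The nginx log_format must emit exactly these fields (leading $http_host,
  # trailing $request_time). Lines that do not match keep only the raw message
  # and are tagged _grokparsefailure, so monitor that tag: unparsed requests
  # are invisible to dashboards and alerts built on the parsed fields.
  grok {
    match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}" }
  }
  # Enrich only events that were parsed; the fields below do not exist otherwise.
  if "_grokparsefailure" not in [tags] {
    # Use the request time from the log line as @timestamp. Without this,
    # @timestamp is the ingestion time, so old lines read from the beginning of
    # the file land in today's index and incident timelines are skewed.
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
    # clientip is nginx's $remote_addr, i.e. the peer of the TCP connection.
    # xforwardedfor is a client-supplied header; do not use it for attribution
    # unless it is set by a proxy you control.
    geoip {
      source => "clientip"
    }
  }
}
output {
  # Debug aid: prints every event. Remove it once the pipeline is verified,
  # otherwise all access-log data is duplicated into Logstash's own output.
  stdout { codec => rubydebug }
  elasticsearch {
    # This connection is plain HTTP without credentials. Restrict port 9200 to
    # the log shippers with a firewall, or enable TLS and authentication on the
    # cluster and set the plugin's user/password and ssl/cacert options.
    hosts => ["192.168.1.202:9200"]
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}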
# Validate the pipeline file: parse the configuration, report errors, then exit
# without processing any events.
# NOTE(review): if this is run as root it may leave root-owned files in
# Logstash's data/log directories that the service account cannot write later —
# confirm ownership before starting the service.
cd /usr/share/logstash/bin/
./logstash --path.settings /etc/logstash -f /etc/logstash/conf.d/nginx_log.conf --config.test_and_exit
# Start the service
# NOTE(review): the service account needs read access to the nginx access log;
# presumably grant that through group permissions rather than running Logstash
# as root — verify on the host.
/etc/init.d/logstash start
3、在ES上查看索引信息
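# Quote the URL so the shell does not treat "?" as a glob character.
# The cluster answers this request without credentials, which means every host
# that can reach port 9200 can list (and modify) the indices: limit access to
# that port to trusted machines.
curl 'http://192.168.1.202:9200/_cat/indices?v'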
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana sdsMVkoKQZaZncZf6OXEeg 1 0 2 1 11.2kb 11.2kb
yellow open nginx-1.197-2018.03.27 -IFyiRZzQH2zXSDVKiGtsg 5 1 16 0 8.4kb 8.4kb
yellow open system-syslog-2018.03 -jB76JjVRe2TtlrDkd0_kA 5 1 296 0 528.4kb 528.4kb
4、Kibana建立索引