nginx 配置:
http {
include mime.types;
default_type application/octet-stream;
log_format main '$http_host $server_addr $remote_addr [$time_local] "$request" '
'$request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time';
#send the log to syslog and file.
access_log /var/log/nginx/access.log main; # pre 1.5.x
error_log /var/log/nginx/error.log; nginx 服务器rsyslog配置:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
module(load="imfile" PollingInterval="5")
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none;local5.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
input(type="imfile"
File="/var/log/nginx/access.log"
Tag="uat-frontend01-access"
Severity="info"
Facility="local5")
input(type="imfile"
File="/var/log/nginx/error.log"
Tag="uat-frontend01-error"
Severity="info"
Facility="local5")
local5.* @@xx:514 logstash 配置;
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat loguat.cof
input {
file {
type => "uat_nginx_access"
path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]
}
}
filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""
}
}
} output {
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-uat-test"
}
stdout {
codec => rubydebug
}
} logstash 输出;
zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f loguat.cof
Settings: Default pipeline workers: 1
Pipeline main started
{
"message" => " uatest.winfae.com 121.40.189.90 121.40.205.143 [29/Aug/2016:09:42:25 +0800] \"GET /wechat/css/wechat.2a00a782.css HTTP/1.1\" - 304 0 \"https://uatest.winfae.com/wechat/account.html\" \"Mozilla/5.0 (Linux; Android 5.1.1; vivo X6S A Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.2 TBS/036558 Safari/537.36 MicroMessenger/6.3.25.861 NetType/WIFI Language/zh_CN\" 0.000 -",
"@version" => "1",
"@timestamp" => "2016-08-29T01:45:09.748Z",
"path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-29",
"host" => "0.0.0.0",
"type" => "uat_nginx_access",
"tags" => [
[0] "_grokparsefailure"
]
} elasticsearch 输出; { "_index": "logstash-uat-test",
"_type": "uat_nginx_access",
"_id": "AVbT-JPMEY-onx06xYf_",
"_version": 1,
"_score": 1,
"_source": {
"message": " uatest.winfae.com 121.40.189.90 121.40.205.143 [29/Aug/2016:09:42:25 +0800] "GET /wechat/js/libs/dialog-min.88247f5e.js HTTP/1.1" - 304 0 "https://uatest.winfae.com/wechat/account.html" "Mozilla/5.0 (Linux; Android 5.1.1; vivo X6S A Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.2 TBS/036558 Safari/537.36 MicroMessenger/6.3.25.861 NetType/WIFI Language/zh_CN" 0.000 -",
"@version": "1",
"@timestamp": "2016-08-29T01:45:10.220Z",
"path": "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-29",
"host": "0.0.0.0",
"type": "uat_nginx_access",
"tags": [
"_grokparsefailure"
]
} <img src="http://img.blog.csdn.net/20160829100135123?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" alt="" />

nginx grok 正则错误的输出情况的更多相关文章

  1. nginx location正则写法

    nginx location正则写法 一个示例: location = / { # 精确匹配 / ,主机名后面不能带任何字符串 [ configuration A ] } location / { # ...

  2. nginx location正则写法(转载)

    nginx location正则写法 一个示例: location = / { # 精确匹配 / ,主机名后面不能带任何字符串 [ configuration A ] } location / { # ...

  3. 如何解决Nginx php 50x 错误

    SEO反馈百度爬虫经常504,一般情况下是由nginx默认的fastcgi进程响应慢引起的,但也有其他情况,这里我总结了一些解决办法供大家参考.   方法/步骤 一般50x状态码问题分析: Nginx ...

  4. nginx location正则

    nginx location正则写法 一个示例: location = / { # 精确匹配 / ,主机名后面不能带任何字符串 [ configuration A ] } location / { # ...

  5. NGINX 配置404错误页面转向

    什么是404页面 如果碰巧网站出了问题,或者用户试图访问一个并不存在的页面时,此时服务器会返回代码为404的错误信息,此时对应页面就是404页面.404页面的默认内容和具体的服务器有关.如果后台用的是 ...

  6. Nginx_HTTP 499 状态码 nginx下 499错误

    日志记录中HTTP状态码出现499错误有多种情况,我遇到的一种情况是nginx反代到一个永远打不开的后端,就这样了,日志状态记录是499.发送字节数是0. 老是有用户反映网站系统时好时坏,因为线上的产 ...

  7. grok 正则解析日志例子<1>

    <pre name="code" class="html">下面是日志的样子 55.3.244.1 GET /index.html 15824 0. ...

  8. NGINX 配置404错误页面转向

    什么是404页面 如果碰巧网站出了问题,或者用户试图访问一个并不存在的页面时,此时服务器会返回代码为404的错误信息,此时对应页面就是404页面.404页面的默认内容和具体的服务器有关.如果后台用的是 ...

  9. HTTP 499 状态码 nginx下 499错误[转]

    日志记录中HTTP状态码出现499错误有多种情况,我遇到的一种情况是nginx反代到一个永远打不开的后端,就这样了,日志状态记录是499.发送字节数是0. 老是有用户反映网站系统时好时坏,因为线上的产 ...

随机推荐

  1. Linux APP源码级编译安装

    首先需要了解下tar包. 以下文章作出解释了: http://www.cnblogs.com/laipDIDI/articles/2214270.html http://baike.baidu.com ...

  2. App开发革命进阶路

    APP开发的成败,或许不是程序编辑的多么完美,界面设计的多么精致,其实这就是一场用户体验的革命. APP的使用场景是移动设备,人机交互以单指手“触点”为主,大段文字输入是交互的禁区.因此,APP带来了 ...

  3. web api\ protobuf \formatter

    9:50:20吴X2014/11/7 9:50:20 9:55:14吴X2014/11/7 9:55:14webapi实现protobuf吴X2014/11/7 9:56:29http://www.s ...

  4. 关于找不到stdafx.h头文件问题

    代码: #include "stdafx.h" #include "stdlib.h" char* getcharBuffer() { return " ...

  5. UESTC_秋实大哥搞算数 2015 UESTC Training for Data Structures<Problem N>

    N - 秋实大哥搞算数 Time Limit: 3000/1000MS (Java/Others)     Memory Limit: 65535/65535KB (Java/Others) Subm ...

  6. SVN强制填写日志

    在F:\Repositories\版本库名\hooks下新建pre-commit.bat 内容如下: @echo off setlocal set SVN_BINDIR="C:\Progra ...

  7. Ajax跨域访问解决办法

    方法1. jsonp实现ajax跨域访问示例 jsp代码: <body> <input type="button" onclick="testJsonp ...

  8. 多线程:pthread_exit,pthread_join,pthread_self

    /*exit_join_id.c*/ #include<pthread.h> #include<stdio.h> void* eji(void* agr) { printf(& ...

  9. RMAN备份各种物理文件

    RMAN运行脚本的方式:RMAN TARGET / @backup_db.rmanRMAN TARGET / cmdfile=backup_db.rman在RMAN中执行操作系统中保存的脚本:RMAN ...

  10. 谈谈javascript的函数表达式及其应用

    我们都知道定义函数的方式有两种,一种是函数声明,另外一种就是函数表达式. 函数声明 语法为:function关键字后跟函数名.例如: function functionName(arg0) { //函 ...