1、收集访问日志

1)、首先是要在nginx里面配置日志格式化输出

    log_format  main  "$http_x_forwarded_for | $time_local | $request | $status | $body_bytes_sent | $request_body | $content_length | $http_referer | $http_user_agent |"

                      "$http_cookie | $remote_addr | $hostname | $upstream_addr | $upstream_response_time | $request_time" ;

    access_log  /var/log/nginx/access.log  main;

2)、接下来开始在logstash创建处理nginx的配置文件

input {

        file {

                path => ["/var/log/nginx/access.log"]

        }

}

filter {

        ruby {

                init => "@kname =['http_x_forwarded_for','time_local','request','status','body_bytes_sent','request_body','content_length','http_referer','http_user_agent','http_cookie','remote_addr','hostname','upstream_addr','upstream_response_time','request_time']"

                code => "new_event = LogStash::Event.new(Hash[@kname.zip(event.get('message').split('|'))])

                new_event.remove('@timestamp')

                event.append(new_event)

                "

        }

if [request] {

        ruby {

                init => "@kname = ['method','uri','verb']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('request').split(' '))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

 }

if [uri] {

        ruby{

                init => "@kname = ['url_path','url_args']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('uri').split('?'))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

 }

kv {

        prefix =>"url_"

        source =>"url_args"

        field_split =>"&"

        include_keys => ["uid","cip"]

        remove_field => ["url_args","uri","request"]

}

mutate {

        convert => [

                "body_bytes_sent","integer",

                "content_length","integer",

                "upstream_response_time","float",

                "request_time","float"

        ]

 }

date {

        match => [ "time_local","dd/MMM/yyyy:hh:mm:ss Z" ]

        locale => "en"

 }

}

output{stdout{}}

此处的例子借鉴ELKstack权威指南里面的例子,不过书中的例子有错,我这里修改好了,可以参考书籍39页和66页

github:https://github.com/weixinqing/Logstash-example/blob/master/initnginx.conf

3)、最后允许一下看一下效果所示:

{

                  "url_path" => "/",

           "body_bytes_sent" => ,

                  "@version" => "",

                   "message" => "- | 05/Mar/2019:16:21:40 +0800 | GET / HTTP/1.1 | 304 | 0 | - | - | - | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 |- | 172.16.0.10 | elk-chaofeng07 | - | - | 0.000",

                      "host" => "ELK-chaofeng07",

               "http_cookie" => "- ",

             "upstream_addr" => " - ",

    "upstream_response_time" => 0.0,

                "@timestamp" => --05T08::.352Z,

                       "uri" => "/",

                   "request" => " GET / HTTP/1.1 ",

                      "path" => "/var/log/nginx/access.log",

                  "url_args" => nil,

                  "hostname" => " elk-chaofeng07 ",

                      "verb" => "HTTP/1.1",

           "http_user_agent" => " Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 ",

                "time_local" => " 05/Mar/2019:16:21:40 +0800 ",

              "request_body" => " - ",

               "remote_addr" => " 172.16.0.10 ",

                    "status" => " 304 ",

              "request_time" => 0.0,

                    "method" => "GET",

              "http_referer" => " - ",

                      "tags" => [

        [] "_dateparsefailure"

    ],

            "content_length" => ,

      "http_x_forwarded_for" => "- "

}

唯一不足的就是中间报了个错误,可以自行解决一下。

2、收集错误日志

定义logstash处理的配置文件

input{

        file {

                path => ["/var/log/nginx/error.log"]

        }

}

filter{

        grok {

                match => {"message" => "(?<datetime>\d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \[(?<errortype>\w+)\] \S+: \*\d+ (?<errormsg>[^,]+), \w+: %{IP:remotehost}, \w+: \w+, \w+: (?<request>[^,]+), \w+: \"%{IP:localhost}\""}

        }

        mutate {

                remove_field => ["message"]

        }

if [request] {

        ruby {

                init => "@kname = ['method','uri','verb']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('request').split(' '))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

}

}

output{stdout{}}

查看一下效果:

{

      "@version" => "",

          "path" => "/var/log/nginx/error.log",

    "remotehost" => "172.16.0.10",

       "request" => "\"GET /8 HTTP/1.1\"",

          "verb" => "HTTP/1.1\"",

           "uri" => "/8",

          "host" => "ELK-chaofeng07",

     "localhost" => "172.16.0.57",

        "method" => "\"GET",

    "@timestamp" => --05T10::.377Z,

      "datetime" => "2019/03/05 18:43:53",

      "errormsg" => "open() \"/usr/share/nginx/html/8\" failed (2: No such file or directory)",

     "errortype" => "error"

}

Logstash收集nginx访问日志和错误日志的更多相关文章

  1. logstash收集nginx访问日志

    logstash收集nginx访问日志 安装nginx #直接yum安装: [root@elk-node1 ~]# yum install nginx -y 官方文档:http://nginx.org ...

  2. mysql基础之日志管理(查询日志、慢查询日志、错误日志、二进制日志、中继日志、事务日志)

    日志文件记录了MySQL数据库的各种类型的活动,MySQL数据库中常见的日志文件有 查询日志,慢查询日志,错误日志,二进制日志,中继日志 ,事务日志. 修改配置或者想要使配置永久生效需将内容写入配置文 ...

  3. 【夯实PHP基础】nginx php-fpm 输出php错误日志

    本文地址 原文地址 分享提纲: 1.概述 2.解决办法(解决nginx下php-fpm不记录php错误日志) 1. 概述 nginx是一个web服务器,因此nginx的access日志只有对访问页面的 ...

  4. nginx php-fpm 输出php错误日志

    nginx是一个web服务器,因此nginx的access日志只有对访问页面的记录,不会有php 的 error log信息. nginx把对php的请求发给php-fpm fastcgi进程来处理, ...

  5. nginx php-fpm 输出php错误日志(转)

    nginx是一个web服务器,因此nginx的access日志只有对访问页面的记录,不会有php 的 error log信息. nginx把对php的请求发给php-fpm fastcgi进程来处理, ...

  6. node 日志 log4js 错误日志记录

    SET DEBUG=mylog:* & npm start 原文出处:http://blog.fens.me/nodejs-log4js/ 1. 默认的控制台输出 我们使用express框架时 ...

  7. Redis的Errorlog或者启动日志(错误日志)的配置

    Errorlog或者是运行日志是任何一个软件的运行中异常诊断必看的文件之一,折腾Redis的过程中以为有默认的错误日志(或启动日志),不过一直没有发现类似的日志文件,在看了默认的配置文件之后,发现Re ...

  8. mysql 开发进阶篇系列 38 mysql日志之错误日志log-error

    一.mysql日志概述 在mysql中,有4种不同的日志,分别是错误日志,二进制日志(binlog日志),查询日志,慢查询日志.这此日志记录着数据库在不同方面的踪迹(区别sql server里只有er ...

  9. MySQL-五种日志(查询日志、慢查询日志、更新日志、二进制日志、错误日志)、备份及主从复制配置

    开启查询日志: 配置文件my.cnf: log=/usr/local/mysql/var/log.log 开启慢查询: 配置文件my.cnf: log-slow-queries=/usr/local/ ...

随机推荐

  1. 基于Docker+Prometheus+Grafana监控SpringBoot健康信息

    在微服务体系当中,监控是必不可少的.当系统环境超过指定的阀值以后,需要提醒指定的运维人员或开发人员进行有效的防范,从而降低系统宕机的风险.在CNCF云计算平台中,Prometheus+Grafana是 ...

  2. ClickHouse之简单性能测试

    前面的文章ClickHouse之初步认识已经简单的介绍了ClickHouse,接下来进行简单的性能测试.测试数据来源于美国民用航班的数据,从1987年到2017年,有1.7亿条. 环境: centos ...

  3. zookeeper ZAB协议 Follower和leader源码分析

    Follower处理逻辑 void followLeader() throws InterruptedException { //... try { //获取leader server QuorumS ...

  4. js-ES6学习笔记-const命令

    1.const声明一个只读的常量.一旦声明,常量的值就不能改变. 2.const声明的变量不得改变值,这意味着,const一旦声明变量,就必须立即初始化,不能留到以后赋值. 3.const的作用域与l ...

  5. Redis服务搭建与基础功能示例

    一.Redis简介 Redis是一个非关系型远程内存数据库,它也是一个Key-value模型的数据库.Redis支持5种数据类型(string.list.set.sorted set.hash),可以 ...

  6. [转]ionic工作原理

    本文转自:https://segmentfault.com/a/1190000011495654 1.Ionic的工作原理 Ionic通过cordova把一个Web应用嵌入原生应用 用户打开一个ion ...

  7. [转]Angular——提示框

    本文转自:https://blog.csdn.net/whm18322394724/article/details/80177950 版权声明:本文为博主原创文章,未经博主允许不得转载. https: ...

  8. Oracle 连接到RMAN

    set oracle_sid=orcl rman connect target sys/password@orcl;

  9. mysql实践总结

    首先介绍mysql的安装和基本使用.进阶操作.讲解mysql的导入导出和自动备份,然后介绍安全模式修改密码和mysql的全文本搜索功能,最后记录了个人使用mysql中遇到的问题集,闲暇时我也会多看几次 ...

  10. java_完数

    题目内容: 一个正整数的因子是所有可以整除它的正整数.而一个数如果恰好等于除它本身外的因子之和,这个数就称为完数.例如6=1+2+3(6的因子是1,2,3). 现在,你要写一个程序,读入两个正整数n和 ...