1、收集访问日志

1)、首先是要在nginx里面配置日志格式化输出

    log_format  main  "$http_x_forwarded_for | $time_local | $request | $status | $body_bytes_sent | $request_body | $content_length | $http_referer | $http_user_agent |"

                      "$http_cookie | $remote_addr | $hostname | $upstream_addr | $upstream_response_time | $request_time" ;

    access_log  /var/log/nginx/access.log  main;

2)、接下来开始在logstash创建处理nginx的配置文件

input {

        file {

                path => ["/var/log/nginx/access.log"]

        }

}

filter {

        ruby {

                init => "@kname =['http_x_forwarded_for','time_local','request','status','body_bytes_sent','request_body','content_length','http_referer','http_user_agent','http_cookie','remote_addr','hostname','upstream_addr','upstream_response_time','request_time']"

                code => "new_event = LogStash::Event.new(Hash[@kname.zip(event.get('message').split('|'))])

                new_event.remove('@timestamp')

                event.append(new_event)

                "

        }

if [request] {

        ruby {

                init => "@kname = ['method','uri','verb']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('request').split(' '))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

 }

if [uri] {

        ruby{

                init => "@kname = ['url_path','url_args']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('uri').split('?'))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

 }

kv {

        prefix =>"url_"

        source =>"url_args"

        field_split =>"&"

        include_keys => ["uid","cip"]

        remove_field => ["url_args","uri","request"]

}

mutate {

        convert => [

                "body_bytes_sent","integer",

                "content_length","integer",

                "upstream_response_time","float",

                "request_time","float"

        ]

 }

date {

        match => [ "time_local","dd/MMM/yyyy:hh:mm:ss Z" ]

        locale => "en"

 }

}

output{stdout{}}

此处的例子借鉴ELKstack权威指南里面的例子,不过书中的例子有错,我这里修改好了,可以参考书籍39页和66页

github:https://github.com/weixinqing/Logstash-example/blob/master/initnginx.conf

3)、最后允许一下看一下效果所示:

{

                  "url_path" => "/",

           "body_bytes_sent" => ,

                  "@version" => "",

                   "message" => "- | 05/Mar/2019:16:21:40 +0800 | GET / HTTP/1.1 | 304 | 0 | - | - | - | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 |- | 172.16.0.10 | elk-chaofeng07 | - | - | 0.000",

                      "host" => "ELK-chaofeng07",

               "http_cookie" => "- ",

             "upstream_addr" => " - ",

    "upstream_response_time" => 0.0,

                "@timestamp" => --05T08::.352Z,

                       "uri" => "/",

                   "request" => " GET / HTTP/1.1 ",

                      "path" => "/var/log/nginx/access.log",

                  "url_args" => nil,

                  "hostname" => " elk-chaofeng07 ",

                      "verb" => "HTTP/1.1",

           "http_user_agent" => " Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 ",

                "time_local" => " 05/Mar/2019:16:21:40 +0800 ",

              "request_body" => " - ",

               "remote_addr" => " 172.16.0.10 ",

                    "status" => " 304 ",

              "request_time" => 0.0,

                    "method" => "GET",

              "http_referer" => " - ",

                      "tags" => [

        [] "_dateparsefailure"

    ],

            "content_length" => ,

      "http_x_forwarded_for" => "- "

}

唯一不足的就是中间报了个错误,可以自行解决一下。

2、收集错误日志

定义logstash处理的配置文件

input{

        file {

                path => ["/var/log/nginx/error.log"]

        }

}

filter{

        grok {

                match => {"message" => "(?<datetime>\d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \[(?<errortype>\w+)\] \S+: \*\d+ (?<errormsg>[^,]+), \w+: %{IP:remotehost}, \w+: \w+, \w+: (?<request>[^,]+), \w+: \"%{IP:localhost}\""}

        }

        mutate {

                remove_field => ["message"]

        }

if [request] {

        ruby {

                init => "@kname = ['method','uri','verb']"

                code => "

                        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('request').split(' '))])

                        new_event.remove('@timestamp')

                        event.append(new_event)

                "

        }

}

}

output{stdout{}}

查看一下效果:

{

      "@version" => "",

          "path" => "/var/log/nginx/error.log",

    "remotehost" => "172.16.0.10",

       "request" => "\"GET /8 HTTP/1.1\"",

          "verb" => "HTTP/1.1\"",

           "uri" => "/8",

          "host" => "ELK-chaofeng07",

     "localhost" => "172.16.0.57",

        "method" => "\"GET",

    "@timestamp" => --05T10::.377Z,

      "datetime" => "2019/03/05 18:43:53",

      "errormsg" => "open() \"/usr/share/nginx/html/8\" failed (2: No such file or directory)",

     "errortype" => "error"

}

Logstash收集nginx访问日志和错误日志的更多相关文章

  1. logstash收集nginx访问日志

    logstash收集nginx访问日志 安装nginx #直接yum安装: [root@elk-node1 ~]# yum install nginx -y 官方文档:http://nginx.org ...

  2. mysql基础之日志管理(查询日志、慢查询日志、错误日志、二进制日志、中继日志、事务日志)

    日志文件记录了MySQL数据库的各种类型的活动,MySQL数据库中常见的日志文件有 查询日志,慢查询日志,错误日志,二进制日志,中继日志 ,事务日志. 修改配置或者想要使配置永久生效需将内容写入配置文 ...

  3. 【夯实PHP基础】nginx php-fpm 输出php错误日志

    本文地址 原文地址 分享提纲: 1.概述 2.解决办法(解决nginx下php-fpm不记录php错误日志) 1. 概述 nginx是一个web服务器,因此nginx的access日志只有对访问页面的 ...

  4. nginx php-fpm 输出php错误日志

    nginx是一个web服务器,因此nginx的access日志只有对访问页面的记录,不会有php 的 error log信息. nginx把对php的请求发给php-fpm fastcgi进程来处理, ...

  5. nginx php-fpm 输出php错误日志(转)

    nginx是一个web服务器,因此nginx的access日志只有对访问页面的记录,不会有php 的 error log信息. nginx把对php的请求发给php-fpm fastcgi进程来处理, ...

  6. node 日志 log4js 错误日志记录

    SET DEBUG=mylog:* & npm start 原文出处:http://blog.fens.me/nodejs-log4js/ 1. 默认的控制台输出 我们使用express框架时 ...

  7. Redis的Errorlog或者启动日志(错误日志)的配置

    Errorlog或者是运行日志是任何一个软件的运行中异常诊断必看的文件之一,折腾Redis的过程中以为有默认的错误日志(或启动日志),不过一直没有发现类似的日志文件,在看了默认的配置文件之后,发现Re ...

  8. mysql 开发进阶篇系列 38 mysql日志之错误日志log-error

    一.mysql日志概述 在mysql中,有4种不同的日志,分别是错误日志,二进制日志(binlog日志),查询日志,慢查询日志.这此日志记录着数据库在不同方面的踪迹(区别sql server里只有er ...

  9. MySQL-五种日志(查询日志、慢查询日志、更新日志、二进制日志、错误日志)、备份及主从复制配置

    开启查询日志: 配置文件my.cnf: log=/usr/local/mysql/var/log.log 开启慢查询: 配置文件my.cnf: log-slow-queries=/usr/local/ ...

随机推荐

  1. Android中服务的生命周期与两种方式的区别

    服务的生命周期跟Activity的生命周期类似.但是生命周期甚至比你关注服务如何创建和销毁更重要,因为服务能够在用户不知情的情况下在后台运行. 服务的生命周期---从创建到销毁---可以被分为以下两个 ...

  2. java——IObufferedReader文件输入输出流

    package com.jredu.ch02_lianxi; import java.io.BufferedReader;import java.io.BufferedWriter;import ja ...

  3. 四:理解Page类的运行机制(例:基于PageStatePersister的页面状态存取)

    有人说类似gridview datalist这样的控件最好不要用在高并发,IO大的网站中企业应用中为了快速开发到可以用一用因为这是一类"沉重"的组件我们姑且不谈这种看法的正确性(我 ...

  4. Java工程师学习指南 完结篇

    Java工程师学习指南 完结篇 先声明一点,文章里面不会详细到每一步怎么操作,只会提供大致的思路和方向,给大家以启发,如果真的要一步一步指导操作的话,那至少需要一本书的厚度啦. 因为笔者还只是一名在校 ...

  5. Spring Boot + Spring Cloud 实现权限管理系统 后端篇(二十四):权限控制(Shiro 注解)

    在线演示 演示地址:http://139.196.87.48:9002/kitty 用户名:admin 密码:admin 技术背景 当前,我们基于导航菜单的显示和操作按钮的禁用状态,实现了页面可见性和 ...

  6. 高并发连接导致打开文件过多:java.io.IOException: Too many open files 解决方法

    用 CentOS 做 API 接口服务器供其他终端调用时,并发量高会报错:java.io.IOException: Too many open files. 其原因是在 Linux 下默认的Socke ...

  7. memcached优化方案实例

    <?php //引入memcached require_once '../class/memcached.class.php'; //连接MySQL $link = mysqli_connect ...

  8. Linux C++开发学习(一)

    一.简单输出 简单的小程序 1.安装g++ sudo install g++ 2.编写c++程序,helloworld.cpp #include<iostream> using names ...

  9. Yapi学习笔记

    . 下载源码:https://github.com/YMFE/yapi 2. 安装MongoDB数据库,下载地址:链接:https://pan.baidu.com/s/1bZKlcy 密码:ah3n ...

  10. hadoop fs,hadoop dfs,hdfs dfs

    hadoop fs: FS relates to a generic file system which can point to any file systems like local, HDFS ...