logstash收集nginx访问日志

安装nginx

#直接yum安装:

[root@elk-node1 ~]# yum install nginx  -y

官方文档:http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format

#修改配置文件的日志格式:

vim /etc/nginx/nginx.conf

#在http模块中添加

          log_format json '{"@timestamp":"$time_iso8601",'

                           '"@version":"1",'

                           '"client":"$remote_addr",'

                           '"url":"$uri",'

                           '"status":"$status",'

                           '"domain":"$host",'

                           '"host":"$server_addr",'

                           '"size":$body_bytes_sent,'

                           '"responsetime":$request_time,'

                           '"referer": "$http_referer",'

                           '"ua": "$http_user_agent"'

               '}';

#在server模块中添加

access_log  /var/log/nginx/access_json.log  json;

#修改后的nginx.conf文件

[root@elk-node1 ~]# grep -Ev "#|^&" /etc/nginx/nginx.conf

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

          log_format json '{"@timestamp":"$time_iso8601",'

                           '"@version":"1",'

                           '"client":"$remote_addr",'

                           '"url":"$uri",'

                           '"status":"$status",'

                           '"domain":"$host",'

                           '"host":"$server_addr",'

                           '"size":$body_bytes_sent,'

                           '"responsetime":$request_time,'

                           '"referer": "$http_referer",'

                           '"ua": "$http_user_agent"'

               '}';

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        include /etc/nginx/default.d/*.conf;

    access_log  /var/log/nginx/access_json.log  json;

        location / {

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

}

#启动:

[root@controller ~]# systemctl start nginx

root@elk-node1 ~]# ss -lntp|grep 80

LISTEN     0      511          *:80                       *:*                   users:(("nginx",pid=8045,fd=6),("nginx",pid=8044,fd=6),("nginx",pid=8043,fd=6))

LISTEN     0      511         :::80                      :::*                   users:(("nginx",pid=8045,fd=7),("nginx",pid=8044,fd=7),("nginx",pid=8043,fd=7))

浏览器访问:http://192.168.247.135/

查看nginx日志

编写logstash

#添加nginx日志格式到之前logstash的elk-log.yml

[root@elk-node1 ~]# cat /etc/logstash/conf.d/elk_log.conf

input {

    file {

      path => "/var/log/messages"

      type => "system"

      start_position => "beginning"

    }

    file {

       path => "/var/log/elasticsearch/hejianlai.log"

       type => "es-error"

       start_position => "beginning"

      codec => multiline {

          pattern => "^\["

          negate => true

          what => "previous"

        }

    }

       file {

       path => "/var/log/nginx/access_json.log"

       codec => json

       start_position => "beginning"

       type => "nginx-log"

    }

}

output {

    if [type] == "system"{

        elasticsearch {

           hosts => ["192.168.247.135:9200"]

           index => "systemlog-%{+YYYY.MM.dd}"

        }

    }

    if [type] == "es-error"{

        elasticsearch {

           hosts => ["192.168.247.135:9200"]

           index => "es-error-%{+YYYY.MM.dd}"

        }

    }

       if [type] == "nginx-log"{

        elasticsearch {

           hosts => ["192.168.247.135:9200"]

           index => "nginx-log-%{+YYYY.MM.dd}"

        }

    }

}

#添加--configtest参数检查配置语法是否有误!!!
[root@elk-node1 ~]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf --configtest
Configuration OK
#把之前后台运行的进程kill掉重启:
[root@elk-node1 ~]# ps aux|grep elk
root       3248  0.8  6.0 3632960 234924 pts/2  Sl   11:25   1:10 /usr/local/java/jdk1.8.0_171/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath ::/usr/local/java/jdk1.8.0_171/lib:/usr/local/java/jdk1.8.0_171/jre/lib -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /etc/logstash/conf.d/elk_log.conf
root       8135  0.0  0.0 112704   976 pts/0    S+   13:38   0:00 grep --color=auto elk
[root@elk-node1 ~]# kill -9 3248
You have new mail in /var/spool/mail/root
[root@elk-node1 ~]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf &
[1] 8178

kibana添加nginx日志

首先在es插件中我们能看到nginx-log的索引

设置kibana

logstash收集nginx访问日志的更多相关文章

  1. Logstash收集nginx访问日志和错误日志

    1.收集访问日志 1).首先是要在nginx里面配置日志格式化输出 log_format main "$http_x_forwarded_for | $time_local | $reque ...

  2. logstash 处理nginx 访问日志

    [root@dr-mysql01 frontend]# cat logstash_frontend.conf input { file { type => "zj_frontend_a ...

  3. Logstash+ElasticSearch+Kibana处理nginx访问日志(转)

    ELK似乎是当前最为流行的日志收集-存储-分析的全套解决方案. 去年年初, 公司里已经在用, 当时自己还山寨了一个统计系统(postgresql-echarts, 日志无结构化, json形式存储到p ...

  4. Nginx 访问日志轮询切割

    Nginx 访问日志轮询切割脚本 #!/bin/sh Dateformat=`date +%Y%m%d` Basedir="/application/nginx" Nginxlog ...

  5. 按日期切割nginx访问日志--及性能优化

    先谈下我们需求,一个比较大的nginx访问日志,根据访问日期切割日志,保存在/tmp目录下. 测试机器为腾讯云机子,单核1G内存.测试日志大小80M. 不使用多线程版: #!/usr/bin/env ...

  6. 一、基于hadoop的nginx访问日志分析---解析日志篇

    前一阵子,搭建了ELK日志分析平台,用着挺爽的,再也不用给开发拉各种日志,节省了很多时间. 这篇博文是介绍用python代码实现日志分析的,用MRJob实现hadoop上的mapreduce,可以直接 ...

  7. Python正则表达式,统计分析nginx访问日志

    目标: 1.正则表达式 2.oop编程,统计nginx访问日志中不同IP地址出现的次数并排序 1.正则表达式 #!/usr/bin/env python # -*- coding: utf-8 -*- ...

  8. logstash收集TCP端口日志

    logstash收集TCP端口日志官方地址:https://www.elastic.co/guide/en/logstash-versioned-plugins/current/index.html ...

  9. 使用python找出nginx访问日志中访问次数最多的10个ip排序生成网页

    使用python找出nginx访问日志中访问次数最多的10个ip排序生成网页 方法1:linux下使用awk命令 # cat access1.log | awk '{print $1" &q ...

随机推荐

  1. the default terminal(gnome-terminal) start up fail

    Platform:  Ubuntu 16.04 LTS Reason: variable $LANG on system is empty Solution: localectl set-locale ...

  2. Eclipse 安装 AmaterasUML 插件

    网上很多Eclipse 安装UML插件教程,可能对高版本Eclipse都无法安装成功,本文提供的安装方式,亲测可用. 一.安装GEF插件 1.打开eclipse官网 https://www.eclip ...

  3. unity中的Culling Mask

    摄像机按层渲染 Camera.cullingMask = 1<<x;//渲染x层 Camera.cullingMask = ~(1<<x);//渲染除去x的所有层 Camera ...

  4. (PMP)解题技巧和典型题目分析(每日20题)

    3.11 1.A(C),2.D,3.A,4.B,5.A(C),6.D(A),7.D,8.A(D),9.B,10.D(B), 11.C(B),12.C(D),13.B,14.D,15.C,16.C(D) ...

  5. Educational Codeforces Round 58 (Rated for Div. 2) F dp + 优化(新坑) + 离线处理

    https://codeforces.com/contest/1101/problem/F 题意 有n个城市,m辆卡车,每辆卡车有起点\(s_i\),终点\(f_i\),每公里油耗\(c_i\),可加 ...

  6. java中super(),与构造方法链(constructor chaining)

    public class Apple extends Fruit { } class Fruit{ public Fruit(String name){ System.out.println(&quo ...

  7. 数据库的Connection、Cursor两大对象

    Python 数据库图解流程 Connection.Cursor比喻 Connection()的参数列表 host,连接的数据库服务器主机名,默认为本地主机(localhost). user,连接数据 ...

  8. java面试一、1.4锁机制

    免责声明:     本文内容多来自网络文章,转载为个人收藏,分享知识,如有侵权,请联系博主进行删除. 1.3.锁机制 说说线程安全问题,什么是线程安全,如何保证线程安全 线程安全:当多个线程访问某一个 ...

  9. jquery复制值到剪切板(clipboard.js)

    引入一个clipboard.js文件即可使用,下载地址:https://github.com/zenorocha/clipboard.js <script type="text/jav ...

  10. IntelliJ IDEA的main方法,for循环,syso的快捷键

    原文链接:http://blog.csdn.net/tiantiandjava/article/details/42269173 今天偶然发现了IntelliJ中 创建main函数的快捷键,依次还有f ...