修改nginx日志格式为json格式
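[root@web01 ~]# cat /etc/nginx/nginx.conf
... ...
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # $http_referer, $http_user_agent, $host and $uri are client-controlled.
    # With the default escaping nginx writes '"' and '\' as \xXX, which is not a
    # valid JSON escape, so a single crafted header produces a line the log
    # pipeline cannot parse. escape=json (nginx 1.11.8+) emits valid JSON escapes.
    #
    # "size" and "responsetime" stay unquoted because those variables are always
    # numeric; $upstream_response_time can be "-" or a comma-separated list, so
    # it stays a quoted string.
    #
    # Unlike "main", this format does not record $remote_user, the request
    # method or $http_x_forwarded_for, and $uri is the normalized path without
    # the query string. Add those fields (or $request_uri) if the logs are meant
    # to support investigations.
    log_format json escape=json
                    '{"@timestamp":"$time_iso8601",'
                    '"host":"$server_addr",'
                    '"clientip":"$remote_addr",'
                    '"size":$body_bytes_sent,'
                    '"responsetime":$request_time,'
                    '"upstreamtime":"$upstream_response_time",'
                    '"upstreamhost":"$upstream_addr",'
                    '"http_host":"$host",'
                    '"url":"$uri",'
                    '"referer":"$http_referer",'
                    '"agent":"$http_user_agent",'
                    '"status":"$status"}';

    #access_log  /var/log/nginx/access.log  main;
    access_log  /var/log/nginx/access.log  json;

    sendfile            on;
    client_max_body_size 100M;
    keepalive_timeout   65;
    include /etc/nginx/conf.d/*.conf;
}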
重启nginx访问查看日志
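# A restart with a syntax error in nginx.conf leaves nginx stopped; running
# `nginx -t` beforehand checks the configuration without touching the service.
[root@web01 ~]# systemctl restart nginx
[root@web01 ~]# tail -f /var/log/nginx/access.log
{"@timestamp":"2020-12-04T17:39:22+08:00","host":"10.0.0.7","clientip":"10.0.0.1","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"10.0.0.7","url":"/index.html","referer":"-","agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36","status":"304"}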
配置logstash收集nginx日志
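[root@web01 ~]# vim /etc/logstash/conf.d/nginx_log_es.conf
input {
  file {
    path => "/var/log/nginx/access.log"
    start_position => "end"
    type => "access_log"
    # Decode each line as JSON so clientip, status, url, ... become separate
    # fields. Without a json codec or filter the whole line is stored as one
    # "message" string and cannot be searched or alerted on per field.
    # Lines that fail to decode are tagged _jsonparsefailure; watch for that
    # tag, since it marks requests that are missing from the parsed data.
    codec => "json"
  }
}

output {
  elasticsearch {
    # Plain HTTP to port 9200 with no credentials is acceptable only on an
    # isolated lab network. Access logs contain client IPs and requested URLs;
    # on a shared network, enable Elasticsearch security and configure
    # authentication and TLS on this output.
    hosts => ["10.0.0.71:9200"]
    index => "nginx_access_log_%{+YYYY-MM-dd}"
  }
}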
启动并测试
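# Optional pre-flight: adding --config.test_and_exit parses the pipeline file
# and exits without starting it.
[root@web01 ~]# logstash -f /etc/logstash/conf.d/nginx_log_es.conf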