Collecting Nginx logs in JSON format

Posted jimmy_xuli


1. Configure Nginx

[root@linux-node1 ~]# vim /etc/nginx/nginx.conf
# Change the log format to JSON and create an nginxweb site directory
log_format access_json '{"@timestamp":"$time_iso8601",'
                       '"host":"$server_addr",'
                       '"clientip":"$remote_addr",'
                       '"size":$body_bytes_sent,'
                       '"responsetime":$request_time,'
                       '"upstreamtime":"$upstream_response_time",'
                       '"upstreamhost":"$upstream_addr",'
                       '"http_host":"$host",'
                       '"url":"$uri",'
                       '"domain":"$host",'
                       '"xff":"$http_x_forwarded_for",'
                       '"referer":"$http_referer",'
                       '"status":"$status"}';
    access_log  /var/log/nginx/access.log  access_json;

        location /nginxweb {
                root html;
                index index.html index.htm;
        }
[root@linux-node1 ~]# mkdir /usr/share/nginx/html/nginxweb
[root@linux-node1 ~]# echo "<h1> welcome to use Nginx" > /usr/share/nginx/html/nginxweb/index.html
[root@linux-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux-node1 ~]# systemctl start nginx

 

2. Configure Logstash

# vim /etc/logstash/conf.d/nginxlog.conf
input {
    file {
        path => "/var/log/nginx/access.log"
        type => "nginx-access-log"
        start_position => "beginning"
        stat_interval => "2"
    }
}

output {
    elasticsearch {
        hosts => ["10.0.0.22:9200"]
        index => "logstash-nginx-access-log-%{+YYYY.MM.dd}"
    }
}

3. Display in Kibana

[root@saltstack02 ~]# ab -n1000 -c 100 http://10.0.0.22/nginxweb/index.html    # load-test the page

[root@saltstack02 conf.d]# tailf /var/log/nginx/access.log    # the nginx access log is now in JSON format
{"@timestamp":"2018-06-20T19:14:30+08:00","host":"10.0.0.22","clientip":"10.0.0.22","size":26,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"10.0.0.22","url":"/nginxweb/index.html","domain":"10.0.0.22","xff":"-","referer":"-","status":"200"}
{"@timestamp":"2018-06-20T19:14:30+08:00","host":"10.0.0.22","clientip":"10.0.0.22","size":26,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"10.0.0.22","url":"/nginxweb/index.html","domain":"10.0.0.22","xff":"-","referer":"-","status":"200"}
{"@timestamp":"2018-06-22T09:10:42+08:00","host":"10.0.0.22","clientip":"10.0.0.1","size":26,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"10.0.0.22","url":"/nginxweb/index.html","domain":"10.0.0.22","xff":"-","referer":"-","status":"200"}
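
The sample lines above parse cleanly, but referer and xff are filled from request headers, and nginx's default log escaping writes a double quote as \x22, which is not a valid JSON escape. The following Python check is an added example (not from the original post): it parses lines in the access_json format, normalises "-" and the quoted status, and reports the lines a JSON consumer would reject; the sample lines, example.test and all function names are constructed for illustration.

```python
import json
import re

# Constructed sample lines in the access_json format (not real traffic).
BASE = ('{"@timestamp":"2018-06-20T19:14:30+08:00","host":"10.0.0.22",'
        '"clientip":"10.0.0.1","size":26,"responsetime":0.000,'
        '"upstreamtime":"%s","upstreamhost":"-","http_host":"10.0.0.22",'
        '"url":"/nginxweb/index.html","domain":"10.0.0.22","xff":"-",'
        '"referer":"%s","status":"200"}')
SAMPLE_LINES = [
    BASE % ("-", "-"),
    BASE % ("0.002, 0.010", "http://example.test/"),
    # nginx's default escaping logs a double quote in a header as \x22
    BASE % ("-", r"http://example.test/?q=\x22a\x22"),
]
REQUIRED = ("@timestamp", "clientip", "url", "status", "size", "responsetime")

def parse_access_line(line):
    """Return (record, None) for a usable line, (None, reason) otherwise."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, "invalid JSON: " + exc.msg
    if not isinstance(rec, dict):
        return None, "not a JSON object"
    missing = [k for k in REQUIRED if k not in rec]
    if missing:
        return None, "missing fields: " + ",".join(missing)
    # nginx logs "-" for an empty variable; store it as None.
    rec = {k: (None if v == "-" else v) for k, v in rec.items()}
    try:
        rec["status"] = int(rec["status"])  # quoted in the log_format
        # $upstream_response_time may hold several values: "0.002, 0.010"
        parts = re.split(r"\s*[,:]\s*", rec.get("upstreamtime") or "")
        rec["upstreamtime"] = [float(p) for p in parts if p not in ("", "-")]
    except (TypeError, ValueError):
        return None, "bad status or upstreamtime"
    return rec, None

def split_lines(lines):
    """Return (parsed records, [(line_number, reason), ...] for rejects)."""
    good, bad = [], []
    for number, line in enumerate(lines, 1):
        rec, reason = parse_access_line(line.strip())
        (good if rec else bad).append(rec or (number, reason))
    return good, bad

if __name__ == "__main__":
    print(split_lines(SAMPLE_LINES)[1])
```

nginx 1.11.8 and later accept an escape=json parameter on log_format, which writes such characters with JSON-valid escapes.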

Viewing in the Head plugin:

 

  

  

 
