ELK监控nginx线程

Posted 2021-04-11 爱吃鱼的小明

• 首先要保证nginx有启动
  

• [root@localhost patterns]# pwd
  /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns
  将创建好的nginx_access文件上传至这个目录下

• vim nginx_access

1. URIPARAM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*

2. NGINXACCESS %{IPORHOST:client_ip} (%{USER:ident}|- ) (%{USER:auth}|-) \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} (%{NOTSPACE:request}|-)(?: HTTP/%{NUMBER:http_version})?|-)" %{NUMBER:status} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"

• logstash grok 内置正则：https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns

• 新建nginx.conf   vim /etc/logstash/conf.d/nginx.conf

input {

   file {

      path  => "/usr/local/nginx/logs/access.log"

      type  => "nginx-log"

      start_position => "beginning"

    }

}

  filter {

    grok {

        match => { "message" => "%{NGINXACCESS}" }

    }

 

}

 

output {

   elasticsearch {

      hosts => ["192.168.10.129:9200"]

      index => "nginx_log-%{+YYYY.MM.dd}"

   }

 

}

• 添加管道vim /etc/logstas/pipelines.yml

• systemctl restart logstash

• tailf /var/log/logstash/logstash-plain.log
  

• yum -y install httpd-tools
  

• ab -n 100 -c 100 http://127.0.0.1/index.html    #ps:(单机做的ip为127.0.0.1)