收集Nginx-access,Nginx-error日志
Posted 莫孟林
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了收集Nginx-access,Nginx-error日志相关的知识,希望对你有一定的参考价值。
1.配置Logstash
[[email protected] logstash]# vim /usr/local/logstash/config/nginx_log.conf
input {
beats {
port => "5044"
}
}
filter {
if [type] == "nginx"{
grok {
match => { "message" => "%{NGINXACCESS}" }
}
}
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
target => ["datetime"]
}
geoip {
source => "clientip"
}
}
output {
if [fields][logsource] == "nginx_access"{
elasticsearch {
hosts => ["192.168.200.130:9200"]
index => "nginx_access"
}
}
if [fields][logsource] == "nginx_error"{
elasticsearch {
hosts => ["192.168.200.130:9200"]
index => "nginx_error"
}
}
stdout { codec => rubydebug }
}
2.配置filebeat:
[[email protected] filebeat]# egrep -v "#|^$" filebeat.yml
filebeat.prospectors:
- type: log
fields:
logsource: nginx_access
log_type: access_log
paths:
- /usr/local/nginx/logs/access.log
- type: log
fields:
logsource: nginx_error
log_type: error_log
paths:
- /usr/local/nginx/logs/error.log
output.logstash:
hosts: ["192.168.200.131:5044"]
以上是关于收集Nginx-access,Nginx-error日志的主要内容,如果未能解决你的问题,请参考以下文章