
ELK—Nginx日志收集

作者:互联网

自定义nginx日志格式为json

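# JSON access-log format, one object per request, read by Logstash with codec => json.
#
# escape=json (nginx 1.11.8+) makes nginx JSON-escape every variable value.
# With the default escaping a double quote in a value is written as \x22, which
# is not a valid JSON escape: a request carrying a quote or backslash in Referer,
# X-Forwarded-For, Host or the URI then yields a line the JSON parser rejects,
# and that request is missing from the structured fields.
#
# Field notes:
#   clientip - $remote_addr, the address of the TCP peer.
#   xff      - X-Forwarded-For exactly as sent by the client; untrusted input,
#              do not use it for attribution without checking the proxy chain.
#   url      - $uri, the normalized path without the query string.
#   size, responsetime - emitted unquoted, as JSON numbers.
#   upstreamtime - kept as a string because nginx may log "-" or a list here.
log_format access_json escape=json
    '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"url":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"status":"$status"}';

# Write the access log in the JSON format defined above.
access_log /var/log/nginx/access.log access_json;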

配置 Logstash 收集 Nginx 访问日志

# Tail the nginx access log and decode each line as one JSON event.
input {
  file {
    # Events are tagged with this type so the output section can route them.
    type => "nginx-accesslog"
    path => "/var/log/nginx/access.log"
    # Each line must be a complete JSON object; a line that fails to parse is
    # kept as raw text and tagged _jsonparsefailure instead of getting fields.
    codec => json
    # Only affects files Logstash has not seen before: start at the end and
    # ship new lines only, skipping whatever is already in the file.
    start_position => "end"
  }
}

# Ship nginx access-log events to Elasticsearch, one index per day.
output {
  if [type] == "nginx-accesslog" {
    elasticsearch {
      # NOTE(review): no scheme, credentials or TLS settings are shown here, so
      # this presumably talks plain HTTP to an unauthenticated node - confirm,
      # and add user/password and TLS options if the cluster has security enabled.
      hosts => ["192.168.15.11:9200"]
      # %{+YYYY.MM.dd} is filled from the event's @timestamp.
      index => "logstash-nginx-accesslog-1516-%{+YYYY.MM.dd}"
    }
  }
}

 

来源: https://www.cnblogs.com/rtnb/p/16275736.html