收集Nginx日志

  • 编辑Nginx配置文件:
[root@master_agent config]# vim /etc/nginx/nginx.conf
  • 增加Nginx json格式日志配置
http {
    # Plain-text access log format. The server block shown below logs with the
    # "json" format instead, so this one is not referenced in this excerpt.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
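    # JSON access-log format, read line by line by Logstash (file input, json codec).
    #
    # escape=json (nginx >= 1.11.8) JSON-escapes quotes, backslashes and control
    # characters in variable values. Without it, client-controlled fields
    # ($request, $http_referer, $http_user_agent, $http_x_forwarded_for) are
    # written with nginx's default \xXX escaping, which is not valid JSON, so a
    # request carrying such characters produces an entry the pipeline cannot parse.
    #
    # The whole object must be emitted on ONE line: a line break inside the format
    # string splits every entry into two lines, neither of which is valid JSON.
    #
    # $time_iso8601 replaces $time_local because Logstash expects @timestamp in
    # ISO 8601 form. The duplicated "body_bytes_sent" key has been dropped.
    log_format json escape=json '{ "@timestamp": "$time_iso8601", '
         '"@fields": { '
         '"remote_addr": "$remote_addr", '
         '"remote_user": "$remote_user", '
         '"body_bytes_sent": "$body_bytes_sent", '
         '"request_time": "$request_time", '
         '"status": "$status", '
         '"request": "$request", '
         '"request_method": "$request_method", '
         '"http_referrer": "$http_referer", '
         '"http_x_forwarded_for": "$http_x_forwarded_for", '
         '"http_user_agent": "$http_user_agent" } }';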
server {
    # Default virtual host: plain HTTP on port 80, IPv4 and IPv6.
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # Write this server's access log with the "json" log_format; this is the
    # file the Logstash file input reads.
    access_log  /var/log/nginx/access_json.log  json;

    location / {
    }

    # NOTE(review): error_page targets /404.html while the location below
    # matches /40x.html — confirm which name is intended.
    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
  • 如图: image
  • 规范Nginx json日志的存放目录
  • 检查语法,启动Nginx 并检查端口
[root@master_agent config]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@master_agent config]# systemctl start nginx
[root@master_agent config]# ss -ntlp
  • 模拟环境访问,触发日志
  • 用浏览器访问Nginx:172.16.1.201
  • 查看日志内容:
[root@master_agent ~]# tail -f /var/log/nginx/
access_json.log  error.log        
[root@master_agent ~]# tail -f /var/log/nginx/access_json.log 
{ "@timestamp": "27/Jun/2017:10:06:12 -0400", "@fields": { "remote_addr": "172.16.1.1", "remote_user": "-", "body_bytes_sent": "0", "request_time": "0.000", "status": "304", "request": "GET /poweredby.png HTTP/1.1", "request_method": "GET", "http_referrer": "http://172.16.1.201/", "body_bytes_sent":"0", "http_x_forwarded_for": "-", "http_user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.1.3228.1 Safari/537.36" }
	 }
{ "@timestamp": "27/Jun/2017:10:06:12 -0400", "@fields": { "remote_addr": "172.16.1.1", "remote_user": "-", "body_bytes_sent": "0", "request_time": "0.000", "status": "304", "request": "GET / HTTP/1.1", "request_method": "GET", "http_referrer": "-", "body_bytes_sent":"0", "http_x_forwarded_for": "-", "http_user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.1.3228.1 Safari/537.36" }
	 }
  • logstash 编辑配置执行文件
  • [root@master_agent ~]# vim /home/elk/logfile/nginx-elk.conf
input {
  # Read the nginx access log that is written with the "json" log_format.
  file {
    path           => "/var/log/nginx/access_json.log"
    type           => "nginx-log"
    # Each line is decoded as one JSON document; a line that is not valid JSON
    # is kept as plain text and tagged _jsonparsefailure.
    codec          => "json"
    # Applies only the first time the file is seen: read it from the top
    # instead of tailing from the end.
    start_position => "beginning"
  }
}

output {
  # Forward only events whose type was set to "nginx-log" by the file input.
  if [type] == "nginx-log" {
    elasticsearch {
      # NOTE(review): no user/password or TLS options are set here — confirm
      # that port 9200 on this node is reachable only from trusted hosts.
      hosts => ["172.16.1.201:9200"]
      # One index per day, named from the event's @timestamp.
      index => "nginx-log-%{+YYYY.MM.dd}"
    }
  }
}

2 comments to “ELK-Nginx实例日志采集分析”

  1. 文艺IT男Bruce - 2017年10月31日 回复

    将配置文件统一规划存储路径,实现标准化管理。
