logstash的配置
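# Logstash pipeline for nginx access logs written with the `log_format access`
# directive shown below. The grok pattern is built field-for-field against
# that format, so the two must be kept in step.
# The option names used here (`type` on filters; `host`/`port`/`protocol`/
# `index_type` on the elasticsearch output) are the Logstash 1.x-era forms —
# confirm them against the installed version.
input {
  file {
    # Tail the access logs; every event is tagged with `type` so the filters
    # below can be scoped to it.
    path => ["/apps/product/nginx-1.2.4/logs/access.log","/apps/logs/img.meng800.com_access.log","/apps/logs/ncfstatic.com_access.log"]
    type => "web_nginx_access"
  }
}

filter {
  grok {
    type => "web_nginx_access"
    # Field order mirrors the nginx format:
    #   $http_host $remote_addr - $remote_user [$time_local] "$request"
    #   $status $body_bytes_sent "$http_referer" "$http_user_agent"
    #   $request_time $upstream_response_time "$http_x_forwarded_for"
    # `$http_host` is the raw Host header: nginx logs "-" when it is absent
    # and the value may carry a ":port" suffix, neither of which IPORHOST
    # accepts, so it is captured with NOTSPACE.
    # `$remote_user` is captured as `auth` (nginx prints "-" when it is unset).
    # The original pattern hard-coded "- -" here, so any request that carried
    # HTTP basic-auth credentials ended in _grokparsefailure.
    # The trailing quoted X-Forwarded-For is optional so lines from a format
    # without it still parse. `$upstream_response_time` may hold several
    # comma/colon-separated values when more than one upstream was tried; only
    # the first is captured, as before.
    # `http_host`, `referrer`, `useragent` and `x_forwarded_for` come straight
    # from client-supplied request headers and are untrusted data.
    match => [
      "message", "%{NOTSPACE:http_host} %{IPORHOST:user_ip} - %{NOTSPACE:auth} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion:float})?|%{DATA:rawrequest})\" %{NUMBER:response:int} (?:%{NUMBER:bytes:int}|-) %{QS:referrer} %{QS:useragent} (?:%{NUMBER:request_time:float}|-) (?:%{NUMBER:upstream_time:float}|-)(?: %{QS:x_forwarded_for})?"
    ]
  }
  geoip {
    # Geolocate the TCP peer address ($remote_addr), not X-Forwarded-For,
    # which any client can set to an arbitrary value.
    source => "user_ip"
  }
  date {
    type => "web_nginx_access"
    # Parse nginx $time_local (e.g. 10/Oct/2000:13:55:36 -0700, constructed
    # sample) into @timestamp.
    match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
  }
  useragent {
    # Expand the raw User-Agent string into structured fields under `ua`.
    target => "ua"
    source => "useragent"
  }
}

output {
  elasticsearch {
    # Local Elasticsearch over plain HTTP; one index per event type per day.
    host => "127.0.0.1"
    port => "19201"
    protocol => "http"
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
    index_type => "%{type}"
    workers => 5
  }
}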
nginx的配置
# Access-log format consumed by the Logstash grok pattern above; the two must
# be kept field-for-field in step.
# Field order: Host header, client address, literal "-", authenticated user,
# local time, request line, status, response body bytes, Referer, User-Agent,
# total request time, upstream response time, X-Forwarded-For header.
# $http_host, $http_referer, $http_user_agent and $http_x_forwarded_for are
# copied verbatim from request headers supplied by the client.
log_format access '$http_host $remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent" '
                  '$request_time $upstream_response_time "$http_x_forwarded_for"';