安装nginx
yum安装
[root@logstash ~]# yum install -y nginx
将nginx日志配置为json格式
[root@logstash ~]# vim /etc/nginx/nginx.conf
http {
# Stock plain-text access-log format. The access_log directive shown in this
# excerpt selects access_json, not this format.
log_format main
    '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
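# JSON access-log format, one object per request, read by the Logstash file
# input with codec => "json".
#
# escape=json (available since nginx 1.11.8) makes nginx JSON-escape variable
# values. With the default escaping, a `"` or `\` inside a client-controlled
# value ($host, $uri, $http_referer, $http_x_forwarded_for) is written as \xXX,
# which is not a valid JSON escape, so one such request yields a log line the
# JSON codec cannot parse.
#
# size and responsetime are emitted unquoted so they are indexed as numbers.
# xff is copied from the X-Forwarded-For request header and is client-supplied;
# do not treat it as a verified client address.
log_format access_json escape=json
    '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"url":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"status":"$status"}';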
# Write the access log in the access_json format; this is the path the
# Logstash file input in this walkthrough reads.
access_log /var/log/nginx/access.log access_json;
[root@logstash ~]# systemctl restart nginx
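[root@logstash ~]# chmod a+r /var/log/nginx/access.log
注:a+r 会让本机所有用户都能读取访问日志(其中包含客户端IP、URL、Referer)。更小的授权方式是只给运行logstash的用户读权限,例如 setfacl -m u:<运行logstash的用户>:r /var/log/nginx/access.log。日志轮转后新文件的权限由logrotate的create指令决定,这里手工设置的权限可能会丢失。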
配置logstash
配置收集nginx日志
[root@logstash ~]# cat /etc/logstash/conf.d/nginx.conf
# Tail the nginx access log and decode every line as one JSON event.
input {
  file {
    # Label events so the output section can route on [type].
    type           => "nginx-access-log"
    path           => "/var/log/nginx/access.log"
    # Each line must be valid JSON, as produced by the access_json log_format.
    codec          => "json"
    # Read a file Logstash has not seen before from its first line, not its end.
    start_position => "beginning"
    # Check the file for changes every 3 seconds.
    stat_interval  => 3
  }
}
# Send nginx access-log events to Elasticsearch, one index per day.
output {
  if [type] == "nginx-access-log" {
    elasticsearch {
      # Daily index; the date suffix is rendered from the event's @timestamp.
      index => "nginx-access-log-%{+YYYY.MM.dd}"
      # NOTE(review): no user/password or TLS options are set in this block, so
      # it assumes the cluster accepts unauthenticated requests from this host.
      # Confirm port 9200 is not reachable from untrusted networks.
      hosts => ["192.168.80.107:9200"]
    }
  }
}
检查语法后启动
[root@logstash ~]# logstash -f /etc/logstash/conf.d/nginx.conf -t
[root@logstash ~]# logstash -f /etc/logstash/conf.d/nginx.conf
在kibana界面上创建对应的索引模式(index pattern),例如 nginx-access-log-*
logstash收集tcp日志
配置logstash接收tcp类型的input
[root@logstash ~]# cat /etc/logstash/conf.d/tcptest.conf
# Accept events over a raw TCP socket.
input {
  tcp {
    # Incoming payload is decoded with the json codec.
    codec => "json"
    # No bind address is set; the `ss` output later on this page shows the
    # listener on :::5044 (all addresses). No TLS or client authentication is
    # configured here, so any host that can reach the port can insert events.
    # Limit access with a firewall rule, the `host` bind option, or the
    # plugin's TLS options.
    port  => "5044"
  }
}
# Send every event in this pipeline to a daily tcp-log-* index.
# There is no [type] condition here: if this file is loaded into one pipeline
# together with other files from conf.d, their events also reach this output.
output {
  elasticsearch {
    # Daily index; the date suffix is rendered from the event's @timestamp.
    index => "tcp-log-%{+YYYY.MM.dd}"
    # NOTE(review): no user/password or TLS options are set in this block, so
    # it assumes the cluster accepts unauthenticated requests from this host.
    # Confirm port 9200 is not reachable from untrusted networks.
    hosts => ["192.168.80.107:9200"]
  }
}
语法检查后启动
[root@logstash ~]# logstash -f /etc/logstash/conf.d/tcptest.conf -t
[root@logstash ~]# logstash -f /etc/logstash/conf.d/tcptest.conf
查看5044端口监听,由logstash代为监听
[root@logstash ~]# ss -nltp |grep 5044
LISTEN 0 128 :::5044 :::* users:(("java",pid=3624,fd=98))
模拟访问5044端口
[root@logstash ~]# telnet 192.168.80.108 5044