• 欢迎访问运维搬运工网站,推荐使用最新版火狐浏览器和Chrome浏览器访问本网站。
  • 本站一年会员:100元 ,两年会员:180元 ,永久会员:380元
  • 这世界就是,一些人总在昼夜不停地运转,而另外一些人,起床就发现世界已经变了。
  • 本博客推广的是知识付费,用赞助的方式实现博客维护,不以赚钱为目的的博客

logstash收集nginx日志【1】

elk 大自然搬运工 2年前 (2017-06-30) 2026次浏览 已收录 0个评论 扫描二维码

准备环境

java nginx logstash

本次只掩饰安装logstash和收集日志

[mem]

安装

logstash采用rpm包形式安装

[root@2 ~]# cd /usr/local/src/
[root@2 src]# wget -c https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.3.2-1.noarch.rpm
[root@2 src]# yum install logstash-2.3.2-1.noarch.rpm

配置logstash

[root@1 ~]# cat /etc/logstash/conf.d/logstash_cli.conf 
input {
 file {
 path => ["/var/log/nginx/access.log"]
 type => "nginx_log"
 start_position => "beginning"
 }
}
output {
 stdout {
codec => rubydebug
 }
}

检查语法

[root@1 ~]# cd /etc/logstash/conf.d/
[root@1 conf.d]# /opt/logstash/bin/logstash -f ./logstash_cli.conf --configtest
Configuration OK

启动logstash并写入点日志信息,查看收集情况(访问下web)

[root@1 conf.d]# /opt/logstash/bin/logstash -f ./logstash_cli.conf
Settings: Default pipeline workers: 2
Pipeline main started
{
 "message" => "192.168.1.1 - - [29/Jun/2017:15:32:31 +0800] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36\" \"-\"",
 "@version" => "1",
 "@timestamp" => "2017-06-29T07:32:32.230Z",
 "path" => "/var/log/nginx/access.log",
 "host" => "1.vip",
 "type" => "nginx_log"
}
{
 "message" => "192.168.1.1 - - [29/Jun/2017:15:32:31 +0800] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://192.168.1.87/\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36\" \"-\"",
 "@version" => "1",
 "@timestamp" => "2017-06-29T07:32:32.232Z",
 "path" => "/var/log/nginx/access.log",
 "host" => "1.vip",
 "type" => "nginx_log"
}

将数据输出到redis

[root@web conf.d]# cat /etc/logstash/conf.d/logstash_cli.conf 
input {
 file {
 path => ["/var/log/nginx/access.log"]
 type => "nginx_log"
 start_position => "beginning"
 }
}
output {
 redis {
 host => "192.168.1.88"
 key => 'logstash-redis'
 data_type => 'list'
 }
}

如果是多行日志加入

filter {
 multiline {
 pattern => "^%{TIMESTAMP_ISO8601}"
 negate => true
 what => previous
 }
}

检查语法

[root@web conf.d]# /opt/logstash/bin/logstash -f ./logstash_cli.conf --configtest
Configuration OK

启动

[root@web conf.d]# nohup /opt/logstash/bin/logstash -f ./logstash_cli.conf &

查看

[root@web conf.d]# ps aux|grep logstash
root 3084 41.3 9.7 3625044 181600 pts/0 Sl 19:01 0:15 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f ./logstash_cli.conf
root 3124 0.0 0.0 112660 960 pts/0 S+ 19:01 0:00 grep --color=auto logstash

[/mem]


运维搬运工 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:logstash收集nginx日志【1】
喜欢 (0)
[扫描二维码]
分享 (0)
大自然搬运工
关于作者:
不是路不平,而是你不行。到底行不行,看你停不停。只要你不停,早晚都能行。
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址