Environment:
ELK 6.6.2, Ubuntu 16.04.6 LTS
1. Install the plugin:
/usr/local/logstash/bin/logstash-plugin install logstash-output-exec
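2. Example configuration that collects the nginx access log, detects the 403 status code and sends an e-mail alert:
input {
  file {
    type => "nginx-access"
    path => "/usr/local/nginx/logs/access.log"
  }
}
filter {
  # Parse each line into fields (clientip, request, response, ...)
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  # Use the timestamp from the log line as the event time
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  elasticsearch {
    hosts => "192.168.254.131:9200"
  }
  stdout {
    codec => rubydebug
  }
  # Alert only when the parsed response field is 403
  if [response] == "403" {
    exec {
      # Field values are substituted into this shell command unsanitized;
      # keep request-derived fields (request, referrer, agent) out of it.
      command => "echo '%{host}:%{type}' | mail -s '403_error' xxxxxxxx@qq.com"
    }
  }
}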
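To check offline which log lines would trigger the alert, the following added example (not part of the original post) replays the pipeline's logic over constructed sample lines. The regex is a simplified stand-in for %{COMBINEDAPACHELOG}; the host name web01, the recipient address and the sample lines are assumptions. It passes the message to mail as an argument vector and stdin, so request data never reaches a shell.

```python
import re
from datetime import datetime

# Simplified regex for the fields %{COMBINEDAPACHELOG} extracts (an assumption,
# not the grok pattern itself).
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?'
)
RECIPIENT = "alerts@example.invalid"  # placeholder address

# Constructed sample lines in nginx's default "combined" format.
SAMPLE = """
203.0.113.7 - - [12/Mar/2019:10:15:32 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.47.0"
203.0.113.9 - - [12/Mar/2019:10:15:40 +0800] "GET /private/o'brien HTTP/1.1" 403 169 "-" "Mozilla/5.0"
garbage line that does not match
198.51.100.4 - - [12/Mar/2019:10:16:02 +0800] "GET /report-403.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
""".strip().splitlines()

def parse(line):
    """Return the parsed event, or None (grok would tag _grokparsefailure)."""
    m = COMBINED.match(line)
    if m is None:
        return None
    event = m.groupdict()
    # Same layout as the page's date pattern dd/MMM/yyyy:HH:mm:ss Z
    event["@timestamp"] = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    return event

def alerts(lines, host="web01", log_type="nginx-access"):
    """Build (argv, stdin_body) for every event whose response field is 403."""
    out = []
    for line in lines:
        ev = parse(line)
        # Compare the parsed field, not a substring: "/report-403.html" must not alert.
        if ev is not None and ev["response"] == "403":
            argv = ["mail", "-s", "403_error", RECIPIENT]
            body = f"{host}:{log_type} {ev['clientip']} {ev['verb']} {ev['request']}\n"
            out.append((argv, body))
    return out

if __name__ == "__main__":
    for argv, body in alerts(SAMPLE):
        # To send: subprocess.run(argv, input=body, text=True, check=True)
        print(argv, body, end="")
```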
Start Logstash, configure nginx, and request a page that returns 403 to test the alert: