logstash-out-exec插件实现监控nginx http状态码邮件告警

环境：

ELK 6.6.2版本、Ubuntu 16.04.6 LTS

1、安装插件：

/usr/local/logstash/bin/logstash-plugin install logstash-output-exec

2、nginx access日志搜集检测403状态码邮件告警配置文件示例：

input {    file {        type => "nginx-access"        path => "/usr/local/nginx/logs/access.log"    } } filter {    grok {      match => { "message" => "%{COMBINEDAPACHELOG}" }    }    date {      match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]    }  }    output {         elasticsearch {                hosts => "192.168.254.131:9200" }                stdout { codec => rubydebug }         if [response] == "403" {         exec {             command  =>  "echo '%{host}:%{type}' | mail -s '403_error' xxxxxxxx@qq.com"         }      } }

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

启动logstash，配置nginx 访问403页面测试告警：