1 配置nginx
# Access-log format "main". log_format is only valid in the http context.
# Field order matters: the Logstash grok pattern that parses this file has to
# match it position for position.
# $remote_addr is the peer address nginx itself saw on the connection.
# $http_referer, $http_user_agent and $http_x_forwarded_for are request header
# values chosen by the client, so anything that consumes this log should treat
# them as untrusted text rather than as facts about the client.
# $upstream_addr and $upstream_response_time are logged as "-" when the
# request was not passed to an upstream.
log_format main '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" $request_time "$upstream_addr" $upstream_response_time "$http_user_agent" "$http_x_forwarded_for"';
# Write the access log in the "main" format to the file that Logstash reads.
access_log /var/log/nginx/access.log main;
配置完成后,启动 nginx(下一行开头的 # 是 root 用户的 shell 提示符,不是注释):
# nginx
2 配置logstash
新建一个 logstash 的配置文件 nginx.conf(这是 logstash 的管道配置,不要与 nginx 自身的 nginx.conf 混淆),内容如下:
input {
file {
path => ["/var/log/nginx/access.log"]
type => "access"
start_position => "beginning"
}
}
filter {
if [type] == "access" {
grok {
match => { "message" => "^%{IPV4:remote_addr} \[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}\" %{INT:status} %{INT:body_bytes_sent}