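# Logstash pipeline: read the nginx access log, parse each line with the
# NGINXACCESS grok pattern, and index the events into Elasticsearch.
# Quotes must be plain ASCII double quotes; typographic quotes make the
# configuration fail to parse.
input {
  file {
    path => "/var/log/nginx/access.log"
    type => "nginx-log"
    # "beginning" only applies to a file Logstash has not seen before;
    # afterwards it resumes from the offset recorded in its sincedb.
    start_position => "beginning"
  }
}

filter {
  grok {
    # NGINXACCESS is a custom pattern from the nginx_access patterns file.
    # Lines that do not match are still forwarded, tagged _grokparsefailure,
    # so malformed or hostile requests are not silently dropped.
    match => { "message" => "%{NGINXACCESS}" }
  }
}

output {
  elasticsearch {
    # No scheme, credentials or TLS settings are given, so events are sent
    # over plain HTTP without authentication. This only works against a
    # cluster with security disabled; restrict access to port 9200 to the
    # Logstash host, or enable authentication and TLS on the cluster and
    # configure them here.
    hosts => ["192.168.0.106:9200"]
    # One index per day, e.g. nginx_log-2024.04.20 (constructed example).
    index => "nginx_log-%{+YYYY.MM.dd}"
  }
}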
[root@192 conf.d]# cd /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns
[root@192 patterns]# ls
aws exim httpd maven nagios redis
bacula firewalls java mcollective nginx_access ruby
bind grok-patterns junos mcollective-patterns postgresql squid
bro haproxy linux-syslog mongodb rails
[root@192 patterns]# cat nginx_access
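# Custom grok patterns for the nginx access log, referenced from the
# pipeline as %{NGINXACCESS}.
# Literal "[" "]" and "-" must be backslash-escaped and quotes must be plain
# ASCII; the page rendering had dropped the backslashes and, apparently, the
# "*" characters in URIPARAM1 -- verify against the file on disk.
URIPARAM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
# request, referrer and agent are supplied by the client and are stored
# as-is: treat them as untrusted wherever they are displayed or used in
# alerting or scripted queries.
NGINXACCESS %{IPORHOST:client_ip} (%{USER:ident}|- ) (%{USER:auth}|-) \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} (%{NOTSPACE:request}|-)(?: HTTP/%{NUMBER:http_version})?|-)" %{NUMBER:status} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"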