- 首先安装Java环境:
apt-get install openjdk-8-jdk
- 在官网下载Logstash:
https://www.elastic.co/cn/downloads/logstash
- 在conf目录新建一个配置文件:
input {
# Several files can be watched at once; each gets its own file {} entry.
# Logstash needs read access to these paths — run it as a dedicated user with
# read-only access to the nginx log directory rather than as root.
file {
path => ["/usr/local/nginx/logs/error.log"]
# Read from the start only the first time the file is seen; later runs resume
# from the position recorded in sincedb — confirm against the installed version.
start_position => "beginning"
# The filter section branches on this field (e.g. [type] == "access").
type => "error"
}
file {
path => ["/usr/local/nginx/logs/www.xxx.com.access.log"]
start_position => "beginning"
type => "access"
}
}
filter {
#每种文件需要配置自己的grok插件语法来搜集需要的数据
if [type] == "access"{
grok {
match => {
#这里的语法需要自定义配置
"message" => "^%{IPV4:remote_addr} \[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}\" %{INT:status} %{INT:body_bytes_sent} \"%{NOTSPACE:http_referer}\"