graylog5_被动接受Nginx日志的单机部署流程

最新推荐文章于 2023-12-07 16:30:33 发布
最新推荐文章于 2023-12-07 16:30:33 发布
阅读量607 收藏
点赞数
文章标签: nginx 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42065669/article/details/128401426
版权

一、安装与部署

设备信息:Centos7
garylog版本:graylog5.0
graylog5.0需要的组件以及版本要求:

  • OpenJDK 17 (embedded in the 5.0 installation file):这个graylog自带的不用另外安装
  • Elasticsearch 7.10.2 OR OpenSearch 2.x(selected Elasticsearch for our logserver)
  • MongoDB 6.0

MangoDB

第一步:添加yum源头,我这里添加的是6.0,可能以后这个yum源会无效,那么可以尝试到https://repo.mongodb.org/yum中寻找你要的yum源。/etc/yum.repo.d/mongo-org-5.0,也可以自己下载rpm包安装

[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc

第二步:安装,运行,并设置开机启动

sudo yum install -y 
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service

Elasticsearch

第一步:导入yum源证书

#导入证书
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

第二步:添加yum安装,或者https://www.elastic.co/cn/downloads/past-releases/enterprise-search-7-10-2。下载,并rpm安装

echo"[elasticsearch-7.10.2]
name=Elasticsearch repository for 7.10.2 packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" > /etc/yum.repos.d/elasticsearch.repo

#安装
sudo yum install elasticsearch-oss

第三步:设备配置文件

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

第四步:设置开机启动并检查

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active
grep elasticsearch

Graylog

第一步安装:

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.rpm
sudo yum install graylog-server

第二步配置文件:配置sudo vim /etc/graylog/server/server.conf
注意:页面的登录密码这里设置的,这个密钥要记住

#需要生成sha密码,并填写到 password_secret 和 root_password_sha2 后面
#密码生成,这个密码是用来登录graylog的
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

#访问地址编辑,我们的服务器地址是192.168.166.202,如果是安装了代理服务器,写127.0.0.1也ok
http_bind_address: 192.168.166.202

#时区也要注意一下
root_timezone = Asia/Shanghai

第三部,开机启动

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active| grep graylog

Nginx

第一步:安装,我们安装的是nginx-1.16.

sudo rpm -ivh http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.16.1-1.el7.ngx.x86_64.rpm

第二步:配置文件vim /etc/nginx/conf.d/log.zafu.edu.cn.conf

server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name log.zafu.edu.cn;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL http://$server_name/;
      proxy_pass       http://127.0.0.1:9000; #这个和graylog的http_bind_address一致就好
    }
}

第三部:开启服务

systemctl start nginx
systemctl enable nginx

二、graylog的配置

第一步:准备

事先准备nginx content pack:https://github.com/paulbarfuss/graylog3-content-pack-nginx-json/blob/master/content-pack-nginx-graylog3.json
复制代码,到本地的txt就好了,可以明明成content-pack-nginx-graylog3.json。这段代码我会放到最后附录1中;另外网上很多教程,只能适配graylog2之前的,不适配当前版本。
![image.png](https://img-blog.csdnimg.cn/img_convert/c6dda239db0ed794adaaedc00443ccf3.png#averageHue=#e8e4bd&clientId=u3ce50bdd-2103-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=919&id=u12de4fa9&margin=[object Object]&name=image.png&originHeight=1149&originWidth=1919&originalType=binary&ratio=1&rotation=0&showTitle=false&size=159762&status=done&style=none&taskId=u53129021-8da9-4797-9921-69303812bd6&title=&width=1535.2)

第二步:登录web并配置

登录页面,用户名admin 密码是“graylog第二步中自己设置的密码”上传json的模板。
![image.png](https://img-blog.csdnimg.cn/img_convert/a6115efc01a2f0e1b7b7dcd3666a8563.png#averageHue=#8c8c8c&clientId=u3ce50bdd-2103-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=919&id=u184e9cec&margin=[object Object]&name=image.png&originHeight=1149&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=822295&status=done&style=none&taskId=u8c95d8bd-3d7c-489b-851d-cad8af21791&title=&width=1536)
![image.png](https://img-blog.csdnimg.cn/img_convert/8326232a4dd064e9837a177d4aed0589.png#averageHue=#fdfdfc&clientId=u005003b4-b46d-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=818&id=uebac3d74&margin=[object Object]&name=image.png&originHeight=1022&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=185538&status=done&style=none&taskId=u43d7fe71-4062-4ee4-b857-873a248fc44&title=&width=1536)
选择好模板——>upload
![image.png](https://img-blog.csdnimg.cn/img_convert/0d317b15ce92d29133347cfb99eb275e.png#averageHue=#f8f8f8&clientId=u005003b4-b46d-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=242&id=uaec1c1d7&margin=[object Object]&name=image.png&originHeight=302&originWidth=766&originalType=binary&ratio=1&rotation=0&showTitle=false&size=22493&status=done&style=none&taskId=u9ba098a7-bfa9-4387-8082-d64713570d9&title=&width=612.8)
导入后,会多一个模板,点击install
![image.png](https://img-blog.csdnimg.cn/img_convert/59b70054dd043266a8ef8d6b7fdb6f5e.png#averageHue=#fefdfd&clientId=u005003b4-b46d-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=98&id=u5759c6a5&margin=[object Object]&name=image.png&originHeight=123&originWidth=1906&originalType=binary&ratio=1&rotation=0&showTitle=false&size=14920&status=done&style=none&taskId=u083c343f-4303-4f21-88cf-510ca4d5fe3&title=&width=1524.8)
查看stream是否自动生成
![image.png](https://img-blog.csdnimg.cn/img_convert/06d2cc7f5310e85a20ade0fa4a4e108b.png#averageHue=#fdfdfc&clientId=u005003b4-b46d-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=681&id=u9f4a9f03&margin=[object Object]&name=image.png&originHeight=851&originWidth=1914&originalType=binary&ratio=1&rotation=0&showTitle=false&size=135731&status=done&style=none&taskId=uca6bdf8e-87bb-4850-9d7b-a851995b31f&title=&width=1531.2)

第三步:Nginx客户端的配置——定义Json发送格式

在客户端nginx上定义格式
将以下这段代码写入/etc/nginx/nginx.conf

log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
                     '"remote_addr": "$remote_addr", '
                     '"body_bytes_sent": $body_bytes_sent, '
                     '"request_time": $request_time, '
                     '"response_status": $status, '
                     '"request": "$request", '
                     '"request_method": "$request_method", '
                     '"host": "$host",'
                     '"upstream_cache_status": "$upstream_cache_status",'
                     '"upstream_addr": "$upstream_addr",'
                     '"http_x_forwarded_for": "$http_x_forwarded_for",'
                     '"http_referrer": "$http_referer", '
                     '"http_user_agent": "$http_user_agent" }';

将以下这段代码写入具体的网站配置文件中比如/home/wwwroot/vhost/xbc.zafu.edu.cn.conf

access_log syslog:server=graylog.server.org:12304 graylog2_json;
error_log syslog:server=graylog.server.org:12305;

完成效果

完成以上步骤就可以查看日志情况了:
![image.png](https://img-blog.csdnimg.cn/img_convert/85447e16d25b6c4e5277152b0d4f4567.png#averageHue=#f1d5b7&clientId=u005003b4-b46d-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=818&id=u9a1f3100&margin=[object Object]&name=image.png&originHeight=1022&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=121599&status=done&style=none&taskId=u54093814-d32e-46e5-9e6a-45dd84231fc&title=&width=1536)

附录1:

感谢作者mortenn的提供的模板

{
  "v": "1",
  "id": "d7dc82ff-529b-488a-b1de-b12b32e756bb",
  "revcontent-pack-nginx-graylog3.json": 3,
  "name": "nginx_json_graylog3",
  "summary": "Graylog 3.0+ compatible version of nginx_json content pack",
  "description": "",
  "vendor": "Originally created by petestorey26 and updated by paulbarfuss for graylog3.0+",
  "url": "https://github.com/paulbarfuss/graylog3-content-pack-nginx-json",
  "parameters": [],
  "entities": [
    {
      "v": "1",
      "type": {
        "name": "dashboard",
        "version": "1"
      },
      "id": "b7c3a54b-3ed4-4b73-9452-2731a18846c8",
      "data": {
        "title": {
          "@type": "string",
          "@value": "NGINX Overview"
        },
        "description": {
          "@type": "string",
          "@value": "Overview of requests handled by NGINX"
        },
        "widgets": [
          {
            "id": {
              "@type": "string",
              "@value": "ab3138d7-9790-4c71-a804-f59ff5692e0f"
            },
            "description": {
              "@type": "string",
              "@value": "Requests last 24h"
            },
            "type": {
              "@type": "string",
              "@value": "STREAM_SEARCH_RESULT_COUNT"
            },
            "cache_time": {
              "@type": "integer",
              "@value": 10
            },
            "time_range": {
              "type": {
                "@type": "string",
                "@value": "relative"
              },
              "range": {
                "@type": "integer",
                "@value": 300
              }
            },
            "configuration": {
              "timerange": {
                "type": {
                  "@type": "string",
                  "@value": "relative"
                },
                "range": {
                  "@type": "integer",
                  "@value": 300
                }
              },
              "lower_is_better": {
                "@type": "boolean",
                "@value": false
              },
              "stream_id": {
                "@type": "string",
                "@value": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407"
              },
              "trend": {
                "@type": "boolean",
                "@value": false
              },
              "query": {
                "@type": "string",
                "@value": "*"
              }
            },
            "position": null
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "input",
        "version": "1"
      },
      "id": "fa2ca431-c30d-455d-98b0-9ee703760760",
      "data": {
        "title": {
          "@type": "string",
          "@value": "nginx access log"
        },
        "configuration": {
          "expand_structured_data": {
            "@type": "boolean",
            "@value": false
          },
          "recv_buffer_size": {
            "@type": "integer",
            "@value": 1048576
          },
          "port": {
            "@type": "integer",
            "@value": 12304
          },
          "number_worker_threads": {
            "@type": "integer",
            "@value": 4
          },
          "force_rdns": {
            "@type": "boolean",
            "@value": false
          },
          "allow_override_date": {
            "@type": "boolean",
            "@value": true
          },
          "bind_address": {
            "@type": "string",
            "@value": "0.0.0.0"
          },
          "store_full_message": {
            "@type": "boolean",
            "@value": false
          }
        },
        "static_fields": {
          "from_nginx": {
            "@type": "string",
            "@value": "true"
          },
          "nginx_access": {
            "@type": "string",
            "@value": "true"
          }
        },
        "type": {
          "@type": "string",
          "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
        },
        "global": {
          "@type": "boolean",
          "@value": true
        },
        "extractors": [
          {
            "target_field": {
              "@type": "string",
              "@value": "json"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 2
            },
            "converters": [],
            "configuration": {
              "replacement": {
                "@type": "string",
                "@value": "-"
              },
              "regex": {
                "@type": "string",
                "@value": ".*"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "json"
            },
            "title": {
              "@type": "string",
              "@value": "Empty JSON field"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX_REPLACE"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": ""
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 1
            },
            "converters": [],
            "configuration": {
              "flatten": {
                "@type": "boolean",
                "@value": true
              },
              "list_separator": {
                "@type": "string",
                "@value": ", "
              },
              "kv_separator": {
                "@type": "string",
                "@value": "="
              },
              "key_prefix": {
                "@type": "string",
                "@value": ""
              },
              "key_separator": {
                "@type": "string",
                "@value": "_"
              },
              "replace_key_whitespace": {
                "@type": "boolean",
                "@value": false
              },
              "key_whitespace_replacement": {
                "@type": "string",
                "@value": "_"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "json"
            },
            "title": {
              "@type": "string",
              "@value": "Extract JSON fields"
            },
            "type": {
              "@type": "string",
              "@value": "JSON"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "json"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 0
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "nginx:\\s+(.*)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Get JSON from syslog message"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "message"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 3
            },
            "converters": [],
            "configuration": {
              "replacement": {
                "@type": "string",
                "@value": "$1"
              },
              "regex": {
                "@type": "string",
                "@value": ".*request\": \"(.*?)\".*"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Reduced message to path"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX_REPLACE"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "input",
        "version": "1"
      },
      "id": "540d1628-ceed-49d4-8960-068c5afaa993",
      "data": {
        "title": {
          "@type": "string",
          "@value": "nginx error log"
        },
        "configuration": {
          "expand_structured_data": {
            "@type": "boolean",
            "@value": false
          },
          "recv_buffer_size": {
            "@type": "integer",
            "@value": 1048576
          },
          "port": {
            "@type": "integer",
            "@value": 12305
          },
          "number_worker_threads": {
            "@type": "integer",
            "@value": 4
          },
          "force_rdns": {
            "@type": "boolean",
            "@value": false
          },
          "allow_override_date": {
            "@type": "boolean",
            "@value": true
          },
          "bind_address": {
            "@type": "string",
            "@value": "0.0.0.0"
          },
          "store_full_message": {
            "@type": "boolean",
            "@value": false
          }
        },
        "static_fields": {
          "nginx_error": {
            "@type": "string",
            "@value": "true"
          },
          "from_nginx": {
            "@type": "string",
            "@value": "true"
          }
        },
        "type": {
          "@type": "string",
          "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
        },
        "global": {
          "@type": "boolean",
          "@value": true
        },
        "extractors": [
          {
            "target_field": {
              "@type": "string",
              "@value": "server"
            },
            "condition_value": {
              "@type": "string",
              "@value": "server"
            },
            "order": {
              "@type": "integer",
              "@value": 1
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "server:\\s(.+?)(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "server"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "timestamp"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 0
            },
            "converters": [
              {
                "type": {
                  "@type": "string",
                  "@value": "DATE"
                },
                "configuration": {
                  "date_format": {
                    "@type": "string",
                    "@value": "yyyy/MM/dd HH:mm:ss "
                  }
                }
              }
            ],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Timestamp"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "remote_addr"
            },
            "condition_value": {
              "@type": "string",
              "@value": "client"
            },
            "order": {
              "@type": "integer",
              "@value": 2
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "client:\\s(.+?)(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "remote_addr/client"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "host"
            },
            "condition_value": {
              "@type": "string",
              "@value": "host"
            },
            "order": {
              "@type": "integer",
              "@value": 3
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "host:\\s\"(.+?)\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "host"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "request_verb"
            },
            "condition_value": {
              "@type": "string",
              "@value": "request"
            },
            "order": {
              "@type": "integer",
              "@value": 5
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "request:\\s\"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "request_verb"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "request_path"
            },
            "condition_value": {
              "@type": "string",
              "@value": "request"
            },
            "order": {
              "@type": "integer",
              "@value": 4
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "request:\\s\"(.+?)\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "request_path/request"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "40645de4-746e-4ec0-86ec-47d893ded9b6",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 4XXs"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "GREATER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "399"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "SMALLER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "500"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with a HTTP code in the 400 range by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "5a0abcb1-b5af-4239-96f6-d8fc786c54be",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx requests"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "nginx_access"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were logged into the nginx access_log"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "all message to nginx_access and nginx_error"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "6bfbdd7e-638a-4ff5-a3e0-327a21bad701",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 404s"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "404"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with a HTTP 404 by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "be3273d1-ff76-4ab5-8471-f7f2c3a8593e",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 5XXs"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "GREATER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "499"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "SMALLER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "600"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with a HTTP code in the 500 range by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "1a3bec0f-34e6-41dc-9d38-fb0997fef588",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx errors"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "nginx_error"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were logged into the nginx error_log"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    }
  ]
}
02EVA
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
日志分析里面的max是什么_[日志分析]Graylog2采集Nginx日志 主动方式
weixin_39968592的博客
11-25 116
这次聊一下Graylog如何主动采集Nginx日志,分成两部分:介绍一下 Graylog Collector Sidecar 是什么如何配置 Graylog Collector Sidecar 采集nginx日志一、首先介绍一下Graylog Collector Sidecar  Graylog Collector Sidecar 是一个轻量级的日志采集器,通过访问graylog进行集中式管理,支...
搭建Graylog3.2,并管理Nginx日志(一)
qq_30322893的博客
03-21 2290
Graylog是一个优秀的日志平台,这几天因为需要使用他,所以在这里记录一下安装和使用。 Graylog3.2版本文档:https://docs.graylog.org/en/3.2/index.html 准备工作 系统环境:Ubuntu18、docker、docker-compose 安装 我选择了docker的安装方式,Graylog需要mongo、elasticsearch的...
CENTOS安装 graylog5.0
07-18 398
我们直接开始。
graylog+kafka+zookeeper(单机测试及源码),kafka+zookeeper组件部署(二)
cucgyfjklx的博客
01-05 1万+
graylog+kafka+zookeeper(单机测试及源码),kafka+zookeeper组件部署(二)
Graylog单机版安装,Graylog安装脚本一键实现在线离线安装
这有一片海的博客
11-26 3641
本文介绍了Graylog单机版安装过程,以及graylog一键安装脚本,并记录了遇到了相关问题的解决方案。同时提供了Dokcer-compose的安装方式。
nginx_log_analysis:nginx日志分析
05-26
nginx_log_analysis是基于Ngx_Lua模块开发,日志通过UDP协议网络传输到InfluxDB数据库,可以部署Nginx和OpenResty上,它有如 下的功能: 1、支持Nginx集群日志集中存储 2、支持正则表达式的URI日志分析 3、支持...
log_format为Nginx设置日志格式1
08-03
Nginx提供了两个主要的指令来处理日志相关设置,分别是`log_format`和`access_log`。 `log_format`指令用于定义日志的格式,它允许我们定制日志内容,以满足特定的分析需求。默认的日志格式可能不足以提供我们需要...
使用log_format为Nginx服务器设置更详细的日志格式方法
09-30
`log_format`是Nginx配置中的一个关键指令,允许管理员自定义日志文件的输出格式,以满足特定的监控需求。本文将详细介绍如何使用`log_format`来设置更详细的Nginx日志格式,并解析其可选参数及其意义。 首先,了解...
graylog_nginx_https_config
03-10
5. **Graylog 配置**:在 Graylog 服务器上,确保配置允许从 Nginx 的 IP 访问。如果 Graylog 使用了防火墙或安全组规则,需要添加相应的入口规则。 6. **测试与验证**:配置完成后,使用 `nginx -t` 命令检查配置...
ngx_log_mod:Nginx独立的日志模块
07-01
ngx_log_mod nginx 独立日志模块 输出日志到独立的日志文件,由于对nginx日志格式不喜欢,加上nginx日志不带有文件及行号等信息,开发了这个模块。主要用于在开发系统时,业务系统相关的日志独立输出到不同的文件,...
Graylog收集nginx日志做地图事态感知
King config
10-19 1901
这个东西有什么用呢 我们通过搜集日志的信息。将日志在通过Graylog进行分析,例如将日志中的IP地址进行字段提取 ,可以分析用户的访问地,做一个统计,可以灵敏感知用户群体分布地如下图 搜集日志的过程如下图 Graylog Sidecar是一种针对不同日志收集器的轻量级配置管理系统,Graylog 节点充当包含日志收集器配置的集中式枢纽。 在支持的消息生成设备/主机上,Sidecar 可以作为服务(Windows 主机)或守护程序(Linux 主机)运行。 日志收集器配置通过
Graylog分析Nginx日志并通过GeoIP2获取访问者IP的地理位置信息
weixin_34220963的博客
07-02 871
简介: Graylog相对于ELK是较为轻量级的日志管理平台 Graylog官网:https://×××w.graylog.org/ Graylog-server:Graylog接收来自后端各种应用程序的日志并提供Web访问接口 Graylog Collector Sidecar:负责收集应用程序日志并发送至Graylog-server Elasticsearch:用于索引和保存接收到的日...
Centos7部署Graylog5.2日志系统
最新发布
LoongKK的博客
12-07 1760
Graylog 5.2适配MongoDB 5.x~6.x,MongoDB5.0+要求。
Centos7 安装Graylog 5.0收集网络设备运行日志+卸载GrayLog服务
qixiaolinlin的博客
04-05 6285
对于日志监控业界常用的有ELK、Loki、Graylog等系统,最近在做技术选型时,对比了各个系统的情况,Graylog的一体化方案很符合现有需求。Graylog算是轻量级的ELK,也有很多企业在使用Graylog查看日志和监控业务日志Graylog中文资料相对较少,在技术选型和开发过程中对资料进行整理。Graylog包含了告警、归档(商业版)、面板、日志查看、Rest API、组管理等功能。本文主要介绍Graylog的相关组件和基本流程。官方:https://docs.graylog.org/
Graylog2采集Nginx日志 主动方式(转)
完颜振江
06-06 357
【代码】Graylog2采集Nginx日志 主动方式(转)
graylog日志部署与使用
luslin1711的博客
11-28 1805
graylog是一个简单易用、功能较全面的日志管理工具,graylog也采用Elasticsearch作为存储和索引以保障性能,MongoDB用来存储少量的自身配置信息,master-node模式具有很好的扩展性,UI上自带的基础查询与分析功能比较实用且高效,支持LDAP、权限控制并有丰富的日志类型和标准(如syslog,GELF)并支持基于日志的报警。
graylog+kafka+zookeeper(单机测试及源码),graylog设置URL报警方式(五)
热门推荐
cucgyfjklx的博客
01-06 1万+
graylog+kafka+zookeeper(单机测试及源码),graylog设置URL报警方式(五)
graylog 通过NGINX 反向代理配置
日拱一卒无有尽,功不唐捐终入海
12-18 968
这里写自定义目录标题新的改变功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchart流程图导出与导入导出导入 官网的教程 http://docs.gra...
Graylog-日志系统简介
这有一片海的博客
11-12 6909
Graylog 开源版官网:Graylog是一个开源的日志聚合、分析、审计、展现和预警工具。在功能上来说,和ELK类似,但又比ELK要简单很多。依靠着更加简洁,高效,部署使用简单的优势很快受到许多人的青睐。当然,在扩展性上面确实没有比ELK好,但是其有商业版本可以选择。Input表示日志数据的来源,对不同来源的日志可以通过Extractors来进行日志的字段转换,比如对Nginx访问日志进行字段拆分,解析状态码、URL等数据。然后可以通过pipeline建立数据过滤规则。
nginx php format,使用log_format为Nginx服务器设置更详细的日志格式
05-24
Nginx服务器上,可以使用log_format来设置更详细的日志格式。以下是一个示例配置: ``` http { # 定义日志格式 log_format myformat '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值