diff --git a/MD_NEW/日志中心集群.md b/MD_NEW/日志中心集群.md
index c2fa3f0..9c65b8a 100644
--- a/MD_NEW/日志中心集群.md
+++ b/MD_NEW/日志中心集群.md
@@ -317,11 +317,99 @@ huanqiu hahaha ```
+采集单个文件
+```json
+[root@logstash ~]# cat /opt/nginx_access_logstash.conf
+input{
+ file {
+ path => "/var/log/nginx/access_json.log"
+ start_position => "beginning"
+ }
+}
+output{
+ elasticsearch {
+ hosts => ["10.9.12.86:9200"]
+ index => "nginx-access-json-%{+YYYY.MM.dd}"
+ }
+}
+```
+采集多个文件
+```json
+[root@logstash ~]# cat /opt/files.conf
+input {
+ file {
+ path => "/var/log/messages"
+ type => "system"
+ start_position => "beginning"
+ }
+}
+input {
+ file {
+ path => "/var/log/yum.log"
+ type => "safeware"
+ start_position => "beginning"
+ }
+}
+output {
+ if [type] == "system"{
+ elasticsearch {
+ hosts => ["10.9.12.86:9200"]
+ index => "system-%{+YYYY.MM.dd}"
+ }
+ }
+ if [type] == "safeware"{
+ elasticsearch {
+ hosts => ["10.9.12.86:9200"]
+ index => "safeware-%{+YYYY.MM.dd}"
+ }
+ }
+}
+```
+#### 4.定义nginx的日志格式并采集
+
+Nginx配置文件修改
+
+```
+ log_format json '{"@timestamp":"$time_iso8601",'
+ '"@version":"1",'
+ '"client":"$remote_addr",'
+ '"url":"$uri",'
+ '"status":"$status",'
+ '"domain":"$host",'
+ '"host":"$server_addr",'
+ '"size":$body_bytes_sent,'
+ '"responsetime":$request_time,'
+ '"referer": "$http_referer",'
+ '"ua": "$http_user_agent"'
+ '}';
+
+
+ access_log /var/log/nginx/access_json.log json;
+```
+
+定义采集配置文件
+
+```json
+input {
+ file {
+ path => "/var/log/nginx/access_json.log"
+ start_position => "beginning"
+ }
+}
+output {
+ elasticsearch {
+ hosts => ["192.168.122.118:9200"]
+ index => "nginx1-%{+YYYY.MM.dd}"
+ }
+}
+```
+
+ES查看索引,Kibana展示数据
\ No newline at end of file