ELK + Filebeat日志分析系统安装 - 分析设计

TOP

ELK + Filebeat日志分析系统安装(三)

2019-09-17 18:54:59 【大中小】浏览:72次

$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ' '$request_time $upstream_response_time $http_x_forwarded_for $upstream_addr';

然后，创建自定义正则文件

vi /usr/local/elk/app/logstash-5.1.1/patterns/nginx

URIPARM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;^\\_<>`?\-\[\]]*
URIPATH1 (?:/[\\A-Za-z0-9$.+!*'(){},~:;=@#% \[\]_<>^\-&?]*)+
HOSTNAME1 \b(?:[0-9A-Za-z_\-][0-9A-Za-z-_\-]{0,62})(?:\.(?:[0-9A-Za-z_\-][0-9A-Za-z-:\-_]{0,62}))*(\.?|\b)
STATUS ([0-9.]{0,3}[, ]{0,2})+
HOSTPORT1 (%{IPV4}:%{POSINT}[, ]{0,2})+
FORWORD (?:%{IPV4}[,]?[ ]?)+|%{WORD}
NGINXACCESS (%{HOSTNAME1:http_host}|-) %{IPORHOST:serveraddr} %{IPORHOST:remoteaddr} \[%{HTTPDATE:logtime}\] %{QS:visitflag} %{QS:sessionid} %{QS:loginname} %{QS:request} %{NUMBER:status} %{NUMBER:body_bytes_sent} %{QS:referrer} %{QS:agent} %{NUMBER:upstreamtime} %{NUMBER:responsetime} (%{FORWORD:x_forword_for}|-) (?:%{HOSTPORT1:upstream_addr}|-)

启动logstash

logstash -f /etc/logstash/conf.d/pro-log.conf &

ok，启动之后，我们该启动Filebeat来试试了

修改filebeat.yml

vi /etc/filebeat/filebeat.yml

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /opt/nginx/logs/app.access.log
  fields:
    logIndex: nginx
    docType: nginx-access
    project: app-nginx
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["{your-logstash-ip}:5044"]

启动， filebeat -path.config /etc/filebeat/ &

这样就已经正常监控了，访问 http://192.168.2.178:5601/

这时我们能看到nginx的access_log，但是发现，好多静态资源的访问记录也混在了里面，我们去nginx配置一下，过滤掉静态资源的access_log

nginx中设置 access_log off 即可。

大体上，ELK+Filebeat已经搞掂了，其余的就是各种自定义配置的事情了，在这里就不详细讨论了，有时间再写配置篇~

首页上一页 1 2 3 下一页尾页 3/3/3
【大中小】【打印】【繁体】【投稿】【收藏】【推荐】【举报】【评论】【关闭】【返回顶部】

上一篇：java crm 系统进销存 springmvc ..	下一篇：Repository与Factory关系