2018-01-30 logstash grok: nginx error logs

1. nginx error log format

2018/01/29 09:23:46 [error] 47257#0: *20123469 open() "/data/wwwroot/soufeel-com-project/skin/frontend/smartwave/porto/css/responsive.css" failed (2: No such file or directory), client: 172.31.10.121, server: www.soufeel.com, request: "GET /skin/frontend/smartwave/porto/css/responsive.css HTTP/1.1", host: "www.soufeel.com.my", referrer: "http://www.soufeel.com.my/inner-senses-stopper-charm-925-sterling-silver.html"
2018/01/29 09:38:12 [error] 69578#0: *20134621 open() "/data/wwwroot/soufeel-com-project/skin/frontend/smartwave/default/fonts/fonts/fonts/fonts/ProximaNova-Regular.svg" failed (2: No such file or directory), client: 172.31.20.224, server: www.soufeel.com, request: "GET /skin/frontend/smartwave/default/fonts/fonts/fonts/fonts/ProximaNova-Regular.svg HTTP/1.1", host: "www.soufeel.com"

2. Modify the logstash configuration file

input {
  file {
    path => ["/nginx/error.log"]
    start_position => "beginning"
  }
}

filter {
  grok {
    # The first pattern parses a full error line (pid, message, client, server,
    # request, host, referrer). The second is a fallback that keeps only the
    # timestamp, severity and message.
    # The host: value goes into its own field (request_host, a name chosen
    # here) so that it does not overwrite client_ip, and the referrer quote
    # is closed.
    match => [
      "message", "(?<time>\d{4}/\d{2}/\d{2}\s{1,}\d{2}:\d{2}:\d{2})\s{1,}\[%{DATA:err_severity}\]\s{1,}(%{NUMBER:pid:int}#%{NUMBER}:\s{1,}\*%{NUMBER}|\*%{NUMBER}) %{DATA:err_message}(?:,\s{1,}client:\s{1,}(?<client_ip>%{IP}|%{HOSTNAME}))(?:,\s{1,}server:\s{1,}%{IPORHOST:server})(?:, request: %{QS:request})?(?:, host: %{QS:request_host})?(?:, referrer: \"%{URI:referrer}\")?",
      "message", "(?<time>\d{4}/\d{2}/\d{2}\s{1,}\d{2}:\d{2}:\d{2})\s{1,}\[%{DATA:err_severity}\]\s{1,}%{GREEDYDATA:err_message}"
    ]
    add_field => ["[@metadata][zabbix_host]","beijing.zhangdazhi.com"]
    add_field => ["[@metadata][zabbix_key]","logstash.key"]
  }
  date {
    # Use the timestamp from the log line as the event time.
    match => ["time", "yyyy/MM/dd HH:mm:ss"]
  }
  geoip {
    # The source must be the field that grok actually captures (client_ip).
    source => "client_ip"
    target => "geoip"
    database => "/app/GeoLite2-City_20180102/GeoLite2-City.mmdb"
    # Two add_field entries with the same key build the array [longitude, latitude].
    add_field => ["[geoip][coordinates]","%{[geoip][longitude]}"]
    add_field => ["[geoip][coordinates]","%{[geoip][latitude]}"]
  }
  mutate {
    convert => [ "[geoip][coordinates]", "float"]
  }
}

output {
  elasticsearch {
    hosts => ["http://66.112.215.110:9200"]
    index => "logstash-apache-access-%{+YYYY.MM.dd}"
    action => "index"
    document_type => "apache_logs"
  }
  stdout { codec => rubydebug }
  zabbix {
    timeout => 1
    workers => 1
    zabbix_host => "[@metadata][zabbix_host]"
    zabbix_server_host => "66.112.215.110"
    zabbix_server_port => 10051
    zabbix_key => "[@metadata][zabbix_key]"
    zabbix_value => "message"
  }
}
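
The two grok expressions above can be checked offline before they go into the pipeline. The following is an added example, not part of the original post: a plain-Ruby stand-in that parses the post's first sample line and a constructed notice line. The function name `parse_nginx_error`, the field name `request_host` and the simplified `HOST` and quoted-string patterns are assumptions; unlike `%{QS}`, the quoted groups here drop the surrounding quotes.

```ruby
# Added example: plain-Ruby stand-in for the two grok expressions.
# HOST and the quoted-string groups are simplified substitutes for
# %{IP}/%{HOSTNAME}/%{IPORHOST}, %{QS} and %{URI} (assumption).
TS   = '(?<time>\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2})'
SEV  = '\[(?<err_severity>[^\]]*)\]'
HOST = '[0-9A-Za-z][0-9A-Za-z.:-]*'

# Full pattern: pid, message, client, server, then optional request/host/referrer.
FULL = Regexp.new(
  TS + '\s+' + SEV + '\s+' +
  '(?:(?<pid>\d+)#\d+:\s+\*\d+|\*\d+) (?<err_message>.*?)' +
  ',\s+client:\s+(?<client_ip>' + HOST + ')' +
  ',\s+server:\s+(?<server>' + HOST + ')' +
  '(?:, request: "(?<request>[^"]*)")?' +
  '(?:, host: "(?<request_host>[^"]*)")?' +   # hypothetical field name
  '(?:, referrer: "(?<referrer>[^"]*)")?'
)
# Fallback pattern: timestamp, severity and the rest of the line as the message.
FALLBACK = Regexp.new(TS + '\s+' + SEV + '\s+(?<err_message>.*)')

# Returns a hash of the captured fields, or nil when neither pattern matches
# (the case in which grok would tag the event with _grokparsefailure).
def parse_nginx_error(line)
  m = FULL.match(line) || FALLBACK.match(line)
  return nil unless m
  event = m.named_captures.reject { |_, v| v.nil? }
  event['pid'] = event['pid'].to_i if event.key?('pid') # mirrors pid:int
  event
end

# SAMPLE_404 is the post's own first log line; SAMPLE_NOTICE is constructed.
SAMPLE_404 = '2018/01/29 09:23:46 [error] 47257#0: *20123469 open() "/data/wwwroot/soufeel-com-project/skin/frontend/smartwave/porto/css/responsive.css" failed (2: No such file or directory), client: 172.31.10.121, server: www.soufeel.com, request: "GET /skin/frontend/smartwave/porto/css/responsive.css HTTP/1.1", host: "www.soufeel.com.my", referrer: "http://www.soufeel.com.my/inner-senses-stopper-charm-925-sterling-silver.html"'
SAMPLE_NOTICE = '2018/01/29 09:40:00 [notice] 1#0: signal process started'

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_404, SAMPLE_NOTICE].each { |l| p parse_nginx_error(l) }
end
```
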