EFK-7.8.0

Collecting nginx logs with EFK
1. Extract Filebeat.

[root@localhost ~] tar xzf filebeat-7.8.0-linux-x86_64.tar.gz -C /usr/local/
[root@localhost ~] yum -y install epel*;yum -y install nginx
[root@localhost ~] cd /usr/local
[root@localhost ~] mv filebeat-7.8.0-linux-x86_64/ filebeat
[root@localhost ~] cd filebeat/
[root@localhost ~] mv filebeat.yml filebeat.yml.bak
[root@localhost ~] vim filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/*.log

output:
  elasticsearch:
    hosts: ["10.8.156.70:9200"]
    indices:
      - index: "nginx-%{+YYYY.MM.dd}"

Then modify the nginx configuration file.

[root@localhost ~] vim /etc/nginx/nginx.conf
http {
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx/access.log  main;

    # escape=json (nginx 1.11.8+) makes nginx JSON-escape variable values, so
    # quotes or backslashes in client-supplied fields keep each line valid JSON.
    log_format  json escape=json '{"@timestamp":"$time_iso8601",'
                           '"@version":"1",'
                           '"client":"$remote_addr",'
                           '"url":"$uri",'
                           '"status":"$status",'
                           '"domain":"$host",'
                           '"host":"$server_addr",'
                           '"size":$body_bytes_sent,'
                           '"responsetime":$request_time,'
                           '"referer": "$http_referer",'
                           '"ua": "$http_user_agent"'
                           '}';
    access_log  /var/log/nginx/access_json.log  json;

    # ... rest of the http block unchanged ...
}

Finally, start nginx and Filebeat.

[root@localhost ~] nohup ./filebeat -e -c filebeat.yml &
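
A check for the lines written to access_json.log by the log_format above, as an added example (not from the original post): it decodes each line as JSON and compares keys and types with that format. The sample lines are constructed; they show that nginx's default escaping writes a client-supplied double quote as \x22, which is not a valid JSON escape, while a log_format declared with escape=json writes \".

```python
import json

# Keys produced by the log_format on this page and the JSON type each should have.
EXPECTED = {
    "@timestamp": str, "@version": str, "client": str, "url": str,
    "status": str, "domain": str, "host": str,
    "size": int, "responsetime": (int, float), "referer": str, "ua": str,
}

def check_line(line):
    """Return a list of problems for one access_json.log line (empty list = OK)."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(event, dict):
        return ["not a JSON object"]
    problems = []
    for key, typ in EXPECTED.items():
        if key not in event:
            problems.append(f"missing key {key}")
        elif isinstance(event[key], bool) or not isinstance(event[key], typ):
            problems.append(f"{key} has type {type(event[key]).__name__}")
    return problems

def scan(lines):
    """Map 1-based line number -> problems, for every line that fails the check."""
    report = {}
    for number, line in enumerate(lines, start=1):
        problems = check_line(line.strip())
        if problems:
            report[number] = problems
    return report

# Constructed sample lines (not real traffic); only the "ua" value differs.
_PREFIX = ('{"@timestamp":"2020-07-01T10:00:00+08:00","@version":"1",'
           '"client":"192.0.2.10","url":"/index.html","status":"200",'
           '"domain":"example.test","host":"192.0.2.1","size":612,'
           '"responsetime":0.005,"referer": "-","ua": ')
SAMPLE = [
    _PREFIX + '"curl/7.29.0"}',
    _PREFIX + r'"probe \x22quoted\x22"}',  # default escaping of a double quote
    _PREFIX + r'"probe \"quoted\""}',      # the same value with escape=json
]

if __name__ == "__main__":
    for number, problems in scan(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```

To check a real log, pass an open file handle for /var/log/nginx/access_json.log to scan() in place of SAMPLE.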