部署環境
192.168.122.187 |
Logstash-1.5.1 elasticsearch-1.6.0 kibana-4.1.1 |
Centos6.4 |
192.168.122.1 |
Redis-2.8 |
Centos7.1 |
192.168.122.2 |
Centos6.4 |
|
192.168.122.247 |
Bind9 logstash-1.5.2 supervisor-2.1-9 java-1.7 |
Centos6.2 |
安裝過程就不復述了,參考http://kibana.logstash.es/content/logstash/get_start/install.html
安裝時注意的幾個地方
一、java最好是1.7
二、server上的logstash我直接用rpm裝的就能用,可是agent端用rpm裝的就不好使,原因沒有深究
三、elasticsearch、kibana還有agent端的logstash我都是用supervisor運行的
四、supervisor直接就是epel的yum裝的
server端的logstash是rpm安裝的
[root@c6test ~]# cat /etc/logstash/conf.d/central.conf
# Central indexer pipeline: reads JSON events from a Redis list and indexes
# them into the Elasticsearch node on the same host.
input {
redis {
# Redis broker address and port; the shipper configs on this page push to the same host, port and key.
host => "192.168.122.1"
port => 6379
# NOTE(review): presumably events that already carry a type from the shipper
# ("test-nginx", "dnslog") keep it and this value is only a fallback; confirm.
type => "redis-input"
# "list" mode with key "logstash": events are taken from the Redis list of that name.
data_type => "list"
key => "logstash"
# Each list entry is decoded as a JSON document.
codec => 'json'
# NOTE(review): no `password` is set here, and the page says the Redis config was
# left untouched, so anything that can reach 192.168.122.1:6379 can presumably
# read, drop or forge events in this list. Set requirepass on Redis, add
# `password => "<REDIS_PASSWORD_PLACEHOLDER>"` here and in the shippers, and
# restrict the port to the shipper and indexer addresses.
}
}
output {
elasticsearch {
# Writes to the local node only. NOTE(review): since the writer is local, the
# Elasticsearch listener itself does not need to be reachable from other hosts; confirm
# what elasticsearch.yml binds to.
host => "127.0.0.1"
}
}
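/usr/local/elasticsearch-1.6.0/config/elasticsearch.yml保持默認
/usr/local/kibana-4.1.1-linux-x64/config/kibana.yml 保持默認
Redis的配置也沒動。。。
注意:按上面的配置,Redis 不需要密碼就能從其餘機器讀寫,Elasticsearch 1.x 和 Kibana 4 的默認配置也沒有認證、並且監聽全部網卡,因此這套默認值只適合隔離的測試網絡;正式使用時至少要用防火牆或綁定地址限制訪問來源,並給 Redis 設置 requirepass(logstash 的 redis input/output 裏對應 password 參數)。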
#nginx這裏的區別就是log這塊的配置,配成json格式
# Access-log format named "json": one JSON object per request, so the Logstash
# file input can decode each line with codec => "json".
# size and responsetime are written unquoted (JSON numbers); every other value
# is written as a quoted string.
# NOTE(review): the object is assembled by string concatenation. nginx's default
# log escaping writes a double quote and other special bytes as \xXX, which is
# not a valid JSON escape. A request whose URI, Referer, User-Agent,
# X-Forwarded-For or Host contains such bytes therefore produces a line that
# fails JSON decoding, and its fields are not extracted, so field-based searches
# and dashboards miss that request. nginx 1.11.8 and later accept
# `log_format json escape=json '...'`; check the installed version before using it,
# and alert on events that failed JSON parsing instead of ignoring them.
# NOTE(review): "xff" is copied from the X-Forwarded-For request header, which
# the client sets; treat it as unverified when attributing a request.
log_format json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"agent":"$http_user_agent",'
'"status":"$status"}';
-----------------------------
# Writes the access log in the "json" format defined above; this is the path the
# nginx shipper's file input reads.
access_log /var/log/nginx/zabbix_access.log json;
[root@zabbixproxy-005002 ~]# cat /usr/local/logstash-1.5.2/conf/shipper.conf
# Shipper pipeline on the nginx host: reads the JSON access log and pushes each
# event to the Redis list that the central indexer consumes.
input {
file {
# Events from this input are labelled "test-nginx".
type => "test-nginx"
path => ["/var/log/nginx/zabbix_access.log"]
# Each log line is decoded as JSON. NOTE(review): lines that are not valid
# JSON presumably arrive without the parsed fields; confirm how they are
# tagged and make sure they are still searchable.
codec => "json"
}
}
output {
# Prints every event to the agent's stdout in addition to shipping it.
# NOTE(review): looks like a debugging aid; under supervisord this output is
# presumably captured to a second log file that also holds client addresses
# and grows without the rotation applied to the nginx log. Confirm or remove.
stdout {}
redis {
# Same broker, port, list mode and key as the central indexer's redis input.
# NOTE(review): no `password` is set, so the connection is unauthenticated as
# shown; set requirepass on Redis and add `password` here.
host => "192.168.122.1"
port => 6379
data_type => "list"
key => "logstash"
}
}
[root@zabbixproxy-005002 ~]# cat /etc/supervisord.conf |grep -v \;
# supervisord configuration as printed by the command above, which filters out
# every line containing a semicolon. One managed program: the Logstash shipper.
[supervisord]
[program:logstash]
# Starts the Logstash agent with the shipper pipeline and writes Logstash's own
# log to logs/stdout.log under the install directory.
command=/usr/local/logstash-1.5.2/bin/logstash agent --verbose --config /usr/local/logstash-1.5.2/conf/shipper.conf --log /usr/local/logstash-1.5.2/logs/stdout.log
# NOTE(review): no user= line is shown, so the agent runs as whatever account
# supervisord runs as (presumably root, given the root prompt). Confirm, and
# prefer a dedicated unprivileged account that only has read access to the
# tailed log files.
process_name=%(program_name)s
numprocs=1
# Started together with supervisord and restarted when it exits.
autostart=true
autorestart=true
startretries=5
exitcodes=0
# NOTE(review): KILL cannot be caught, so Logstash gets no chance to shut down
# cleanly when it is stopped or restarted. TERM would allow that, with
# stopwaitsecs acting as the grace period before supervisord escalates.
stopsignal=KILL
stopwaitsecs=5
# stderr is merged into the captured stdout stream.
redirect_stderr=true
[supervisorctl]
[root@sys-247245 ~]# cat /usr/local/logstash/conf/shipper.conf
# Shipper pipeline on the DNS host: reads the DNS log files, cuts each line into
# tokens by position, and pushes the event to the Redis list that the central
# indexer consumes.
input {
file {
# Events from this input are labelled "dnslog".
type => "dnslog"
# Every *.log file directly under /home/dnslog is read.
path => ["/home/dnslog/*.log"]
}
}
filter {
# DNS logs cannot be emitted as JSON and I do not know grok, so mutate is used here to split the line.
mutate {
# Replace every "#" in the message with a space (presumably to separate the
# client address from the port that follows it; confirm against a log line).
gsub => ["message","#"," "]
# Split the message on spaces, turning it into an array of tokens.
split => ["message"," "]
}
mutate {
# Copy tokens 5, 10 and 14 of the split message into named fields.
# NOTE(review): the indexes depend on the exact log layout. On a line with
# fewer or shifted tokens the fields will hold the wrong token, or presumably
# the unresolved "%{...}" text itself; verify, and tag or drop such events so
# they do not silently distort searches. domain_name is the name the client
# asked for, so it is client-chosen input and should be handled as untrusted
# text wherever it is displayed or matched.
add_field => {
"client" => "%{[message][5]}"
"domain_name" => "%{[message][10]}"
"server" => "%{[message][14]}"
}
}
}
output {
# Prints every event to the agent's stdout in addition to shipping it.
# NOTE(review): looks like a debugging aid; confirm it is wanted in steady state.
stdout {}
redis {
# Same broker, port, list mode and key as the central indexer's redis input.
# NOTE(review): no `password` is set, so the connection is unauthenticated as
# shown; set requirepass on Redis and add `password` here.
host => "192.168.122.1"
port => 6379
data_type => "list"
key => "logstash"
}
}
[root@sys-247245 ~]# cat /etc/supervisord.conf |grep -v \;|grep -v ^$
# supervisord configuration on the DNS host as printed by the command above,
# which filters out lines containing a semicolon and empty lines.
[supervisord]
[supervisorctl]
[program:logstash]
# Starts the Logstash agent with the DNS shipper pipeline and writes Logstash's
# own log to logs/stdout.log under the install directory.
command=/usr/local/logstash/bin/logstash agent --verbose --config /usr/local/logstash/conf/shipper.conf --log /usr/local/logstash/logs/stdout.log
# NOTE(review): no user= line is shown, so the agent runs as whatever account
# supervisord runs as (presumably root, given the root prompt). Confirm, and
# prefer a dedicated unprivileged account that can read /home/dnslog/*.log.
process_name=%(program_name)s
numprocs=1
# Started together with supervisord and restarted when it exits.
autostart=true
autorestart=true
startretries=5
exitcodes=0
# NOTE(review): KILL cannot be caught, so Logstash gets no chance to shut down
# cleanly when it is stopped or restarted. TERM would allow that, with
# stopwaitsecs acting as the grace period before supervisord escalates.
stopsignal=KILL
stopwaitsecs=5
# stderr is merged into the captured stdout stream.
redirect_stderr=true
一、在discover搜索nginx相關的日誌,然後保存
二、在visualize部署單個的圖表,然後保存
三、在dashboard將幾個nginx的visualize的圖表連起來
Dns
一、在discover搜索dns相關的日誌,然後保存
二、在visualize部署單個的圖表,然後保存
三、在dashboard將幾個dns的visualize的圖表連起來
這種狀況是因爲沒有刷新索引的field導致的,默認的索引用的是logstash-*,在「Settings」—Indices中可以看到,點擊logstash-*進去之後,點擊刷新按鈕