Logstash_Apache日志采集

[root@Cagios logstash-2.1.0]# cat /usr/local/logstash-2.1.0/logstash_agent.conf 
# Input stage: follow the Apache access log and label every event read from it.
input {
  file {
    # File to follow; the array form allows further paths to be listed.
    path => [ "/var/log/httpd/access_log" ]
    # Copied onto each event as its "type" field ("apache_access" in the
    # sample event shown further down the page).
    type => "apache_access"
    # NOTE(review): read access to this one log file is all this input needs
    # from the filesystem; a dedicated low-privilege account with that
    # permission is preferable to running the agent as root.
  }
}

# Filter stage: split the raw access-log line into named fields.
filter {
  grok {
    # COMBINEDAPACHELOG is applied to the "message" field. On the sample event
    # below it yields clientip, ident, auth, timestamp, verb, request,
    # httpversion, response, bytes, referrer and agent, and the original line
    # stays in "message".
    match => { "message" => "%{COMBINEDAPACHELOG}" }
    # NOTE(review): request and referrer are kept verbatim, query string
    # included; the sample referrer carries a sid= value. Everything downstream
    # of this filter therefore holds session identifiers. Restrict access to
    # those stores accordingly, or scrub such parameters in this stage.
    # NOTE(review): no date filter is configured, so @timestamp is presumably
    # the time the line was read rather than the time in the parsed "timestamp"
    # field; confirm this before relying on it to correlate events.
  }
}

# Output stage: every event goes to both destinations below.
output {
  # Human-readable dump of each event on the console. This is a debugging aid;
  # it also means full log lines appear wherever the agent's stdout is captured.
  stdout {
    codec => rubydebug
  }
  # Append each event to a Redis list under the key below.
  redis {
    host => "192.168.55.133"
    data_type => "list"
    key => "logstash:redis"
    # NOTE(review): nothing in this block authenticates or encrypts the
    # connection. Anyone who can reach this Redis instance can presumably read
    # the queued log events or push forged ones. Enable authentication on the
    # Redis server, set this plugin's `password` option to match, and limit
    # network access to the Redis port to the shipper and consumer hosts.
  }
}

 

# 采集到的日志格式

{
        "message" => "192.168.55.1 - - [08/Dec/2015:12:35:21 +0800] \"POST /zabbix/jsrpc.php?output=json-rpc HTTP/1.1\" 200 64 \"http://192.168.55.132/zabbix/hostgroups.php?sid=ec7705df8ce1f99f\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36\"",
       "@version" => "1",
     "@timestamp" => "2015-12-08T04:35:21.342Z",
           "host" => "0.0.0.0",
           "path" => "/var/log/httpd/access_log",
           "type" => "apache_access",
       "clientip" => "192.168.55.1",
          "ident" => "-",
           "auth" => "-",
      "timestamp" => "08/Dec/2015:12:35:21 +0800",
           "verb" => "POST",
        "request" => "/zabbix/jsrpc.php?output=json-rpc",
    "httpversion" => "1.1",
       "response" => "200",
          "bytes" => "64",
       "referrer" => "\"http://192.168.55.132/zabbix/hostgroups.php?sid=ec7705df8ce1f99f\"",
          "agent" => "\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36\""
}

 
