filebeat获取nginx的access日志配置
filebeat获取nginx的access日志配置 产生nginx日志的服务器即生产者服务器配置: 拿omp.chinasoft.com举例: 1.nginx.conf主配置文件添加日志格式 log_format log_json '{ "remote_addr": "$remote_addr", ' '"remote_user": "$remote_user", ' '"time_local": "$time_local", ' '"request_url": "$scheme://$host$request_uri", ' '"status": "$status", ' '"body_bytes_sent": "$body_bytes_sent", ' '"http_referer": "$http_referer", ' '"http_user_agent": "$http_user_agent", ' '"http_x_forwarded_for": "$http_x_forwarded_for", ' '"request_time": "$request_time", ' '"timestamp": "$msec", ' '"request_method": "$request_method", ' '"root_id": "$root_id", ' '"trace_id": "$http_trace_id", ' '"span_id": "$http_span_id" ' '}'; 2.vhosts虚拟主机配置 a.server部分添加追踪参数 ####### 添加链路追踪参数 ######### set $app_name "omp.chinasoft.com"; set $root_id $pid.$msec.$remote_addr.$connection.$connection_requests; if ($http_root_id != "") { set $root_id $http_root_id; } 2.location部分添加 ####### 添加链路追踪参数 ######### fastcgi_param ROOT_ID $root_id; fastcgi_param APP_NAME $app_name; 3.调整日志的路径 error_log /data/www/logs/nginx_log/error/omp.chinasoft.com_error.log; access_log /data/www/logs/nginx_log/access/omp.chinasoft.com_access.log log_json; # 具体配置 # cat /usr/local/nginx/config/vhost.d/omp.chinasoft.com server { listen 80; server_name omp.chinasoft.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; ssl_certificate /usr/local/nginx/config/cert2016/chinasoft_com.crt; ssl_certificate_key /usr/local/nginx/config/cert2016/chinasoft_com.key; ssl_session_cache shared:SSL1:20m; ssl_session_timeout 60m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; server_name omp.chinasoft.com; index index.html index.php; root /var/www/vhosts/cloud_oa/public; client_max_body_size 800M; add_header Ws-From 'http/1.1 2.1.1.1 stable'; set $app_name "omp.chinasoft.com"; set $root_id $pid.$msec.$remote_addr.$connection.$connection_requests; if ($http_root_id != "") { set $root_id $http_root_id; } location / { try_files $uri $uri/ /index.php?$query_string; } location ~ /*\.php { fastcgi_param ROOT_ID $root_id; fastcgi_param APP_NAME $app_name; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param APP_ENV "production"; fastcgi_pass unix:/tmp/php5.6-fpm.sock; fastcgi_index index.php; } location ~ .*\.(xml|gif|jpg|jpeg|png|bmp|swf|woff|woff2|ttf|js|css)$ { expires 30d; } #error_log /var/log/nginx/omp.chinasoft.com_error.log; #access_log /var/log/nginx/omp.chinasoft.com_access.log; error_log /data/www/logs/nginx_log/error/omp.chinasoft.com_error.log; access_log /data/www/logs/nginx_log/access/omp.chinasoft.com_access.log log_json; } 3.filebeat的配置 # cat /usr/local/filebeat-7.3.1-linux-x86_64/modules.d/nginx.yml # Module: nginx # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.3/filebeat-module-nginx.html filebeat.inputs: # 采集nginx错误日志 - type: log enabled: true paths: - /data/www/logs/nginx_log/error/*_error.log fields: log_type: ngx_error fields_under_root: true tail_files: true multiline.pattern: '^\[' multiline.negate: true multiline.match: after # 采集nginx访问日志 - type: log enabled: true paths: - /data/www/logs/nginx_log/access/*_access.log fields: log_type: ngx_access fields_under_root: true tail_files: true exclude_lines: ['\.(xml|gif|jpg|jpeg|png|bmp|swf|woff|woff2|ttf|js|css|svg|ico)'] # 输出 output.kafka: hosts: ["1.1.1.1:19092"] topic: filebeats-log # 启动filebeat命令 ./filebeat -c modules.d/nginx.yml /usr/local/filebeat-7.3.1-linux-x86_64/filebeat -c /usr/local/filebeat-7.3.1-linux-x86_64/modules.d/nginx.yml & 查看kafka日志具体内容的命令: kafka配置路径,可以查看日志存放的路径: config/server.config /usr/local/elk/kafka/bin/kafka-run-class.sh kafka.tools.DumpLogSegments --files /data/kafka/logs/filebeats-log-omp-0/00000000000000000000.log --print-data-log filebeat udp监听配置 filebeat.inputs: # 监听udp - type: udp enabled: true host: "0.0.0.0:9999" output.kafka: hosts: ["10.10.18.242:9092"] topic: filebeats-log # 采集者 processors: - drop_fields: fields: ["ecs", "input", "agent", "@metadata", "tags"]