filebeat获取nginx的access日志配置

filebeat获取nginx的access日志配置

产生nginx日志的服务器即生产者服务器配置:
拿omp.chinasoft.com举例:
1.nginx.conf主配置文件添加日志格式

log_format  log_json  '{ "remote_addr": "$remote_addr", '
                          '"remote_user": "$remote_user", '
                          '"time_local": "$time_local", '
                          '"request_url": "$scheme://$host$request_uri", '
                          '"status": "$status", '
                          '"body_bytes_sent": "$body_bytes_sent", '
                          '"http_referer": "$http_referer", '
                          '"http_user_agent": "$http_user_agent", '
                          '"http_x_forwarded_for": "$http_x_forwarded_for", '
                          '"request_time": "$request_time", '
                          '"timestamp": "$msec", '
                          '"request_method": "$request_method", '
                          '"root_id": "$root_id", '
                          '"trace_id": "$http_trace_id", '
                          '"span_id": "$http_span_id" '
                        '}';



2.vhosts虚拟主机配置

a.server部分添加追踪参数
####### 添加链路追踪参数 #########
set $app_name "omp.chinasoft.com";
set $root_id $pid.$msec.$remote_addr.$connection.$connection_requests;
if ($http_root_id != "")
{
    set $root_id $http_root_id;
}
2.location部分添加
####### 添加链路追踪参数 #########


fastcgi_param ROOT_ID $root_id;
fastcgi_param APP_NAME $app_name;

 
3.调整日志的路径
error_log /data/www/logs/nginx_log/error/omp.chinasoft.com_error.log;
access_log /data/www/logs/nginx_log/access/omp.chinasoft.com_access.log log_json;


# 具体配置
# cat /usr/local/nginx/config/vhost.d/omp.chinasoft.com 
server {
    listen 80;
    server_name omp.chinasoft.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /usr/local/nginx/config/cert2016/chinasoft_com.crt;
    ssl_certificate_key /usr/local/nginx/config/cert2016/chinasoft_com.key;
    ssl_session_cache shared:SSL1:20m;
    ssl_session_timeout 60m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    server_name omp.chinasoft.com;
    index index.html index.php;
    root /var/www/vhosts/cloud_oa/public;

    client_max_body_size 800M;

    add_header Ws-From 'http/1.1 2.1.1.1 stable';

    set $app_name "omp.chinasoft.com";
    set $root_id $pid.$msec.$remote_addr.$connection.$connection_requests;
    if ($http_root_id != "")
    {
        set $root_id $http_root_id;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ /*\.php {
        fastcgi_param ROOT_ID $root_id;
        fastcgi_param APP_NAME $app_name;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param APP_ENV "production";
        fastcgi_pass unix:/tmp/php5.6-fpm.sock;
        fastcgi_index index.php;
    }

    location ~ .*\.(xml|gif|jpg|jpeg|png|bmp|swf|woff|woff2|ttf|js|css)$ {
        expires 30d;
    }

    #error_log /var/log/nginx/omp.chinasoft.com_error.log;
    #access_log /var/log/nginx/omp.chinasoft.com_access.log;
    error_log /data/www/logs/nginx_log/error/omp.chinasoft.com_error.log;
    access_log /data/www/logs/nginx_log/access/omp.chinasoft.com_access.log log_json;
}


3.filebeat的配置

# cat /usr/local/filebeat-7.3.1-linux-x86_64/modules.d/nginx.yml
# Module: nginx
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.3/filebeat-module-nginx.html
filebeat.inputs:
# 采集nginx错误日志
- type: log
  enabled: true
  paths:
    - /data/www/logs/nginx_log/error/*_error.log
  fields:
    log_type: ngx_error
  fields_under_root: true
  tail_files: true
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after

# 采集nginx访问日志
- type: log
  enabled: true
  paths:
    - /data/www/logs/nginx_log/access/*_access.log
  fields:
    log_type: ngx_access
  fields_under_root: true
  tail_files: true
  exclude_lines: ['\.(xml|gif|jpg|jpeg|png|bmp|swf|woff|woff2|ttf|js|css|svg|ico)']

# 输出
output.kafka:
  hosts: ["1.1.1.1:19092"]
  topic: filebeats-log

# 启动filebeat命令
./filebeat -c modules.d/nginx.yml
/usr/local/filebeat-7.3.1-linux-x86_64/filebeat -c /usr/local/filebeat-7.3.1-linux-x86_64/modules.d/nginx.yml &

查看kafka日志具体内容的命令:
kafka配置路径,可以查看日志存放的路径:
config/server.config

/usr/local/elk/kafka/bin/kafka-run-class.sh kafka.tools.DumpLogSegments --files /data/kafka/logs/filebeats-log-omp-0/00000000000000000000.log --print-data-log


filebeat udp监听配置
filebeat.inputs:

# 监听udp
- type: udp
  enabled: true
  host: "0.0.0.0:9999"

output.kafka:
  hosts: ["10.10.18.242:9092"]
  topic: filebeats-log

# 采集者
processors:
- drop_fields:
    fields: ["ecs",  "input", "agent", "@metadata", "tags"]

 

posted @ 2019-09-19 13:49  reblue520  阅读(2298)  评论(0编辑  收藏  举报