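Logstash IIS log collection works much the same as running on Linux: it needs a Java runtime, so installing a JDK is enough. For the IIS logs I have not handled X-Forwarded-For yet; I am still working out how to do it. It looks like a plugin has to be installed, so I will look into it gradually.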
input {
  file {
    type => "IIS Log"
    path => ["C:/inetpub/logs/LogFiles/W3SVC2/u_ex*.log"]
  }
}

filter {
  grok {
    # check that fields match your IIS log settings
    match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{IPORHOST:site} %{WORD:method} %{URIPATH:page} %{NOTSPACE:querystring} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clienthost} %{NOTSPACE:useragent} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:scstatus} %{NUMBER:time_taken}"]
  }

  # Set the event timestamp from the log
  date {
    match => [ "log_timestamp", "YYYY-MM-dd HH:mm:ss" ]
    timezone => "Etc/UTC"
  }

  useragent {
    source => "useragent"
    prefix => "browser"
  }

  mutate {
    remove_field => [ "log_timestamp" ]
  }
}

output {
  stdout { codec => rubydebug }

  redis {
    # replace the host value with the IP address of your Redis server
    host => '你的ip地址'
    data_type => 'list'
    key => 'logstash:redis'
  }
}
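The grok comment above says the pattern must match the site's IIS field selection. As an added example (not part of the original post), this Python check reads the `#Fields:` directive from a log and compares its column order with the pattern. The mapping from grok capture names to W3C column names is my reading of the pattern, and both sample headers are constructed.

```python
import re
from itertools import zip_longest

# Grok pattern copied from the config above; only the capture names are used.
GROK = ("%{TIMESTAMP_ISO8601:log_timestamp} %{IPORHOST:site} %{WORD:method} "
        "%{URIPATH:page} %{NOTSPACE:querystring} %{NUMBER:port} "
        "%{NOTSPACE:username} %{IPORHOST:clienthost} %{NOTSPACE:useragent} "
        "%{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:scstatus} "
        "%{NUMBER:time_taken}")

# Assumed mapping from each grok capture to the W3C column(s) it consumes.
W3C_FOR = {
    "log_timestamp": ["date", "time"], "site": ["s-ip"],
    "method": ["cs-method"], "page": ["cs-uri-stem"],
    "querystring": ["cs-uri-query"], "port": ["s-port"],
    "username": ["cs-username"], "clienthost": ["c-ip"],
    "useragent": ["cs(User-Agent)"], "response": ["sc-status"],
    "subresponse": ["sc-substatus"], "scstatus": ["sc-win32-status"],
    "time_taken": ["time-taken"],
}

def expected_fields(grok=GROK):
    """W3C columns, in order, that the grok pattern expects on each line."""
    return [col for name in re.findall(r"%\{\w+:(\w+)\}", grok)
            for col in W3C_FOR[name]]

def logged_fields(lines):
    """Columns named by the last #Fields: directive, or [] if there is none."""
    headers = [l.split()[1:] for l in lines if l.startswith("#Fields:")]
    return headers[-1] if headers else []

def check(lines):
    """Compare the log's column order with what the grok pattern expects."""
    want, have = expected_fields(), logged_fields(lines)
    first = next((i for i, (w, h) in enumerate(zip_longest(want, have))
                  if w != h), None)
    return {"ok": first is None, "first_mismatch": first,
            "missing": [c for c in want if c not in have],
            "extra": [c for c in have if c not in want]}

# Constructed sample headers, not taken from a real server.
MATCHING = ["#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
            "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
            "sc-win32-status time-taken"]
DRIFTED = ["#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
           "cs-username c-ip cs(User-Agent) cs(Referer) sc-status "
           "sc-substatus sc-win32-status time-taken X-Forwarded-For"]

if __name__ == "__main__":
    print(check(MATCHING), check(DRIFTED), sep="\n")
```

A non-empty `extra` or `missing` list means the grok pattern has to be edited before events from that site will parse into the right fields.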
Update:
This is now solved. There is a plugin that makes the Windows IIS logs show the source address; you can add the plugin below.
https://devcentral.f5.com/articles/x-forwarded-for-log-filter-for-windows-servers