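1: Install nginx. It is only needed here as a source of logs to collect, so it is installed with yum; to build it from source instead, see my other document on compiling and installing nginx.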
[root@elk128 ~]# yum install nginx -y
2: Start nginx
[root@elk128 ~]# useradd nginx
[root@elk128 ~]# systemctl start nginx.service
[root@elk128 ~]# systemctl enable nginx.service
3: Change the nginx log format to JSON
[root@elk128 ~]# vim /etc/nginx/nginx.conf
Change it to:
Check the syntax:
Restart (or use nginx -s reload):
[root@elk128 ~]# systemctl restart nginx.service
Simulate a request:
[root@elk128 ~]# curl -I 192.168.6.128 (or open the address in a browser)
Check that the log is in JSON format:
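One way to do this check before pointing Logstash at the file, as an added example that is not part of the original document: the script confirms that every access-log line is a single JSON object, which is what codec => json in the Logstash input expects. The sample lines and field names are constructed; the \x22 line shows what nginx's default escaping writes for a double quote when log_format lacks escape=json.

```python
import json
import sys

# Constructed sample lines, not taken from the page; the field names are assumptions.
SAMPLE = [
    '{"clientip":"192.168.6.1","status":"200","agent":"curl/7.29.0"}',
    # nginx's default escaping writes a double quote as \x22, which JSON rejects
    '{"clientip":"192.168.6.1","status":"200","agent":"a\\x22b"}',
    # with escape=json the same quote is written as \" and parses
    '{"clientip":"192.168.6.1","status":"200","agent":"a\\"b"}',
    # a line still in the default "combined" format
    '192.168.6.1 - - [01/Jan/2024:10:00:02 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"',
    # valid JSON, but not an object
    '"just a string"',
]

def check_lines(lines):
    """Return (ok_count, problems); problems is a list of (line_number, reason)."""
    ok, problems = 0, []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue  # ignore blank lines
        try:
            doc = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((n, f"not JSON: {exc.msg} at column {exc.colno}"))
            continue
        if not isinstance(doc, dict):
            problems.append((n, "JSON but not an object"))
            continue
        ok += 1
    return ok, problems

if __name__ == "__main__":
    # Usage: python3 check_json_log.py /path/to/access.log  (no argument: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE
    ok, problems = check_lines(lines)
    print(f"{ok} valid JSON object lines, {len(problems)} problem lines")
    for n, reason in problems:
        print(f"  line {n}: {reason}")
    sys.exit(1 if problems else 0)
```

Lines reported here are the ones the Logstash json codec would fail to parse and tag with _jsonparsefailure.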
Use Logstash to collect the nginx logs into ES:
[root@elk128 ~]# cd /etc/logstash/conf.d/
[root@elk128 conf.d]# vim nginx_es.conf
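input {
  file {
    # Must match the access_log path set in nginx.conf
    # (the yum package logs to /var/log/nginx/access.log by default)
    path => "/usr/local/nginx/logs/access.log"
    # "end": only lines appended after Logstash starts are read
    start_position => "end"
    type => "nginx_access"
    # Each line is parsed as one JSON object
    codec => json
  }
}
output {
  elasticsearch {
    hosts => ["10.0.0.51:9200"]
    # One index per day
    index => "nginxlog15-%{+YYYY.MM.dd}"
  }
}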
# Check the Logstash configuration syntax
[root@elk128 conf.d]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx_es.conf -t
# Start Logstash
[root@elk128 conf.d]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx_es.conf &
In ES, check that the index was created: