收集Nginx-access，Nginx-error日志

1.配置Logstash

[root@Logstash logstash]# vim /usr/local/logstash/config/nginx_log.conf

input {

  beats {

    port => "5044"

     }

}

filter {

    if [type] == "nginx"{

    grok {

    match => { "message" => "%{NGINXACCESS}" }

 

  }

 

  }

 

  date {

    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]

    target => ["datetime"]

  }

  geoip {

    source => "clientip"

  }

 

}

output {

     if [fields][logsource] == "nginx_access"{

     elasticsearch {

      hosts => ["192.168.200.130:9200"]

      index => "nginx_access"

     }

  }

   if [fields][logsource] == "nginx_error"{

     elasticsearch {

      hosts => ["192.168.200.130:9200"]

      index => "nginx_error"

     }

  }

 

  stdout { codec => rubydebug }

}

2.配置filebeat：

[root@mobanji filebeat]# egrep -v "#|^$" filebeat.yml

filebeat.prospectors:

- type: log

  fields:

    logsource: nginx_access

    log_type: access_log

  paths:

    - /usr/local/nginx/logs/access.log

- type: log

  fields:

    logsource: nginx_error

    log_type: error_log

  paths:

    - /usr/local/nginx/logs/error.log

output.logstash:

  hosts: ["192.168.200.131:5044"]