Filebeat nginx openresty日志收集

浏览:179     发布时间:2023-08-28 08:36:52      博主:【张良人】

打开配置

module.d/nginx.yml

vim /etc/filebeat/modules.d/nginx.yml 
- module: nginx
  access:
    enabled: true
    var.paths: ["/nginx/access-*.log"]
  error:
    enabled: true
    var.paths: ["/nginx/error.log*"]

#路径格式参考
/path/to/log/*/*.log

支持nginx日志字段

https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-nginx.html

配置nginx收集普通日志格式

vim /etc/nginx/nginx.conf

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

[root@nginx02 ~]# tail -f /var/log/nginx/www_access.log
192.168.81.210 - - [21/Jan/2021:15:46:49 +0800] "GET / HTTP/1.1" 200 10 "-" "curl/7.29.0" "-"

收集json日志格式

https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html

httpjson日志

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html