apache访问日志logstash配置文件实例1-创新互联
日志格式: LogFormat "%{clientip}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{clientip}i.%{cookie}n\"" combined 日志实例: 183.60.150.34 - - [23/Jun/2017:17:57:52 +0800] "GET /jump/cps.jsp?projectcode=0085001&cid=A200647189%7c%7c0000&url=http%3a%2f%2fwww.mangocity.com HTTP/1.1" 302 - "http://myhenan.qq.com/t-7947749-1.htm" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.108 Safari/537.36 2345Explorer/8.6.1.15524" "183.60.150.34.10.10.130.100.1498211872045986" logstash配置文件: input { file { type => "www_access" path => ["/usr/local/elk/elklog/apachelog/log0/www.mangocity.com-access_log","/usr/local/elk/elklog/apachelog/log1/www.mangocity.com-access_log"] } file { type => "ro_access" path => ["/usr/local/elk/elklog/apachelog/log0/ro.mangocity.com-access_log","/usr/local/elk/elklog/apachelog/log1/ro.mangocity.com-access_log"] } } filter { grok { match => { "message" => '(%{USER:clientip}|%{IPORHOST:clientip}|%{IPORHOST:clientip}, %{IPORHOST}) %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}' } } date { match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ] locale => en } geoip { source => "clientip" } useragent { source => "agent" target => "useragent" } } output { redis { host => "10.10.45.200" data_type => "list" key => "elk_frontend_access:redis" port=>"5379" } }
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
创新互联主要从事成都网站设计、成都网站建设、网页设计、企业做网站、公司建网站等业务。立足成都服务沿河,十余年网站建设经验,价格优惠、服务专业,欢迎来电咨询建站服务:13518219792新闻标题:apache访问日志logstash配置文件实例1-创新互联
文章源于:http://hbruida.cn/article/jhgcj.html