首页 > 代码库 > ELK分析IIS日志
ELK分析IIS日志
LogStash.conf
input { file { type => "iis_log" path => ["C:/inetpub/logs/LogFiles/W3SVC2/u_ex*.log"] }}filter { #ignore log comments if [message] =~ "^#" { drop {} } grok { # check that fields match your IIS log settings match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} (%{IPORHOST:s-ip}|-) (%{WORD:cs-method}|-) %{NOTSPACE:cs-uri-stem} %{NOTSPACE:cs-uri-query} (%{NUMBER:s-port}|-) (%{NOTSPACE:c-username}|-) (%{IPORHOST:c-ip}|-) %{NOTSPACE:cs-useragent} (%{NUMBER:sc-status}|-) (%{NUMBER:sc-win32-status}|-) (%{NUMBER:time-taken}|-)"] } #Set the Event Timesteamp from the log date { match => [ "log_timestamp", "YYYY-MM-dd HH:mm:ss" ] timezone => "Etc/UCT" } mutate { remove_field => [ "log_timestamp"] convert => [ "sc-bytes", "float" ] convert => [ "cs-bytes", "float" ] convert => [ "time-taken", "float" ] } mutate { remove_field => [ "log_timestamp"] convert => [ "sc-bytes", "float" ] convert => [ "cs-bytes", "float" ] convert => [ "time-taken", "float" ] }}output { stdout {codec => rubydebug } elasticsearch { hosts => ["localhost:9200"] index => "logstash-%{type}-%{+YYYY.MM.dd}" flush_size => 20000 idle_flush_time => 10 template_overwrite => true } redis { host => ‘127.0.0.1‘ data_type => ‘list‘ key => ‘logstash:redis‘ }}ELK分析IIS日志
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。