Logstash configuration
Today I reworked the configuration files; previously the apache_errorlog events were not matching clientip.
1. First, modify shipper.conf
    input {
      # Tail both Apache logs and tag each event with a type
      file {
        type => "apache-accesslog"
        path => "/var/log/httpd/access_log"
      }
      file {
        type => "apache-errorlog"
        path => "/var/log/httpd/error_log"
      }
    }
    filter {
      if [type] == "apache-accesslog" {
        grok {
          type => "apache-accesslog"
          pattern => "%{COMBINEDAPACHELOG}"
          patterns_dir => "/opt/logstash/patterns"
        }
      } else if [type] == "apache-errorlog" {
        # APACHEERRORLOG is the custom pattern defined in the patterns file
        grok {
          type => "apache-errorlog"
          match => { "message" => "%{APACHEERRORLOG}" }
          patterns_dir => [ "/opt/logstash/lib/logstash/grok" ]
          #pattern => "%{LOGLEVEL}"
          #patterns_dir => "/usr/local/src/logstash-1.4.2/patterns"
        }
      }
    }
    output {
      # Ship events to the Redis list that the indexer reads
      redis {
        host => '192.168.1.101'
        data_type => 'list'
        key => 'logstash'
      }
    }
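The patterns used to match apache-errorlog go into a patterns file; they can also be written inline in the grok filter. Here I put them in a file, with the following contents: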
    HTTPERRORDATE %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}
    APACHEERRORLOG \[%{HTTPERRORDATE:timestamp}\] \[%{WORD:severity}\] \[client %{IPORHOST:clientip}\] %{GREEDYDATA:message_remainder}
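As an added example (not part of the original post), the Python below approximates the two patterns above and runs them over constructed error-log lines. It shows that a line without a `[client ...]` field does not match at all, which Logstash would tag with `_grokparsefailure`. The primitive regexes are simplified stand-ins for the stock grok definitions, and `parse`, `split_events` and `SAMPLE_LINES` are hypothetical names.

```python
import re

# Simplified stand-ins for the grok primitives (assumption: the stock
# grok definitions accept more variants than these).
DAY = r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)"
MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
MONTHDAY = r"(?:0?[1-9]|[12]\d|3[01])"
TIME = r"\d{2}:\d{2}:\d{2}"
YEAR = r"\d{4}"
IPORHOST = r"[0-9A-Za-z.:\-]+"

# The two custom patterns from the patterns file, translated term by term.
HTTPERRORDATE = rf"{DAY} {MONTH} {MONTHDAY} {TIME} {YEAR}"
APACHEERRORLOG = re.compile(
    rf"\[(?P<timestamp>{HTTPERRORDATE})\] "
    r"\[(?P<severity>\w+)\] "
    rf"\[client (?P<clientip>{IPORHOST})\] "
    r"(?P<message_remainder>.*)"
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LINES = [
    "[Wed Sep 10 14:32:52 2014] [error] [client 203.0.113.7] "
    "File does not exist: /var/www/html/favicon.ico",
    "[Wed Sep 10 14:33:01 2014] [notice] caught SIGTERM, shutting down",
    "[Wed Sep 10 14:33:05 2014] [error] [client 203.0.113.9] "
    "client denied by server configuration: /var/www/html/admin",
]


def parse(line):
    """Return the captured fields, or None where grok would fail to match."""
    # grok patterns are unanchored, so search() is used rather than fullmatch()
    m = APACHEERRORLOG.search(line)
    return m.groupdict() if m else None


def split_events(lines):
    """Separate lines that yield a clientip from lines that do not match."""
    parsed, failed = [], []
    for line in lines:
        fields = parse(line)
        (parsed if fields else failed).append(fields or line)
    return parsed, failed


if __name__ == "__main__":
    ok, bad = split_events(SAMPLE_LINES)
    print("parsed:", [(e["clientip"], e["severity"]) for e in ok])
    print("unmatched:", bad)
```

Server-level messages such as the `[notice]` line carry no client field, so they end up in the unmatched list and need a separate pattern or a filter on the failure tag.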
2. Next is indexer.conf
    input {
      redis {
        host => "localhost"
        data_type => "list"
        port => "6379"
        key => "logstash"
        type => "apache-(access|error)log"
        codec => "json"
      }
    }
    output {
      elasticsearch {
        host => "localhost"
      }
    }
3. Restart the services
    # /bin/logstash -f conf/shipper.conf &
    # /bin/logstash -f conf/indexer.conf &
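4. Check the graphs: both the access log and the error log now show the client IP.
This article is from the "charlie_cen" blog; please keep this source reference: http://charlie928.blog.51cto.com/3741218/1551624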