
Linux Apache log files: Apache access log Logstash configuration file, example 1


Log format:

LogFormat "%{clientip}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{clientip}i.%{cookie}n\"" combined

Sample log entry:

183.60.150.34 - - [23/Jun/2017:17:57:52 +0800] "GET /jump/cps.jsp?projectcode=0085001&cid=A200647189%7c%7c0000&url=http%3a%2f%2fwww.mangocity.com HTTP/1.1" 302 - "http://myhenan.qq.com/t-7947749-1.htm" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.108 Safari/537.36 2345Explorer/8.6.1.15524" "183.60.150.34.10.10.130.100.1498211872045986"

Logstash configuration file:

input {
    # One file input per virtual host; "type" labels the events by site
    file {
        type => "www_access"
        path => ["/usr/local/elk/elklog/apachelog/log0/www.mangocity.com-access_log","/usr/local/elk/elklog/apachelog/log1/www.mangocity.com-access_log"]
    }
    file {
        type => "ro_access"
        path => ["/usr/local/elk/elklog/apachelog/log0/ro.mangocity.com-access_log","/usr/local/elk/elklog/apachelog/log1/ro.mangocity.com-access_log"]
    }
}

filter {
    # clientip is the value of the "clientip" request header (see the LogFormat above).
    # The trailing "%{clientip}i.%{cookie}n" field is not captured by this pattern.
    grok {
        match => {
            "message" => '(%{USER:clientip}|%{IPORHOST:clientip}|%{IPORHOST:clientip}, %{IPORHOST}) %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
        }
    }
    # Use the request time from the log line as the event timestamp
    date {
        match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
        locale => "en"
    }
    # Geolocate the address found in clientip
    geoip {
        source => "clientip"
    }
    # Break the User-Agent string into browser/OS fields under "useragent"
    useragent {
        source => "agent"
        target => "useragent"
    }
}

output {
    # Push the parsed events onto a Redis list
    redis {
        host => "10.10.45.200"
        data_type => "list"
        key => "elk_frontend_access:redis"
        port => "5379"
    }
}
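The grok pattern above can be checked offline before deploying the pipeline. The following is an added example, not part of the original post: a Python regex approximating the pattern (`TOKEN` is a simplified stand-in for USER/IPORHOST; `parse_line`, `clientip_is_ip` and `cookie_id` are hypothetical names; the sample lines are constructed). It also flags events whose header-derived `clientip` is not an IP address and so is not a usable `geoip` source.

```python
import ipaddress
import re
from datetime import datetime

# Approximation of the page's grok pattern; TOKEN stands in for USER/IPORHOST.
TOKEN = r"[A-Za-z0-9._-]+"
LINE_RE = re.compile(
    r"(?P<clientip>" + TOKEN + r")(?:, " + TOKEN + r")? "
    r"(?P<ident>" + TOKEN + r") (?P<auth>" + TOKEN + r") "
    r"\[(?P<timestamp>[^\]]+)\] "
    r'"(?P<verb>\w+) (?P<request>.*?) HTTP/(?P<httpversion>[0-9.]+)" '
    r"(?P<response>\d+) (?:-|(?P<bytes>\d+)) "
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
    r'(?: "(?P<cookie_id>[^"]*)")?'  # trailing field the grok pattern ignores
)

def parse_line(line):
    """Return a dict of fields, or None where grok would tag _grokparsefailure."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["response"] = int(ev["response"])
    ev["bytes"] = int(ev["bytes"]) if ev["bytes"] else None
    # Same layout as the date filter's "dd/MMM/YYYY:HH:mm:ss Z"
    ev["@timestamp"] = datetime.strptime(ev["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    # clientip comes from a request header, so check it before geo lookups
    try:
        ipaddress.ip_address(ev["clientip"])
        ev["clientip_is_ip"] = True
    except ValueError:
        ev["clientip_is_ip"] = False
    return ev

# Constructed sample lines (documentation IP range), modelled on the page's format
SAMPLES = [
    '203.0.113.7 - - [23/Jun/2017:17:57:52 +0800] "GET /jump/cps.jsp?projectcode=0085001 '
    'HTTP/1.1" 302 - "http://example.com/a.htm" "Mozilla/5.0 (Windows NT 5.1)" '
    '"203.0.113.7.10.10.130.100.1498211872045986"',
    # Header absent: Apache logs "-" for %{clientip}i
    '- - - [23/Jun/2017:17:57:53 +0800] "GET / HTTP/1.1" 200 512 "-" "curl/7.50" "-.-"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        ev = parse_line(line)
        print(ev["clientip"], ev["clientip_is_ip"], ev["response"], ev["bytes"])
```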

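© Copyright belongs to the author: this is an original work by ConfusedSnail on the 51CTO blog. If you reproduce it, please credit the source; otherwise legal liability will be pursued.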