先贴一下我的BELK架构

1、Download and install the Public Signing Key:

# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

2、You may need to install the apt-transport-https package on Debian before proceeding:

# aptitude install -y apt-transport-https

3、Save the repository definition to /etc/apt/sources.list.d/elastic-5.x.list:

# echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list

4、Run aptitude update, and the repository is ready for use. For example, you can install Filebeat by running:

# aptitude update

# aptitude install -y filebeat

5、To configure the Beat to start automatically during boot, run:

# update-rc.d filebeat defaults 95 10

6、为nginx添加json日志格式

# vim /usr/local/nginx/conf/nginx.conf

log_format json '{"@timestamp":"$time_iso8601",'

                  '"host":"$server_addr",'

                  '"clientip":"$remote_addr",'

                  '"remote_user":"$remote_user",'

                  '"request":"$request",'

                  '"http_user_agent":"$http_user_agent",'

                  '"size":$body_bytes_sent,'

                  '"responsetime":$request_time,'

                  '"upstreamtime":"$upstream_response_time",'

                  '"upstreamhost":"$upstream_addr",'

                  '"http_host":"$host",'

                  '"url":"$uri",'

                  '"domain":"$host",'

                  '"xff":"$http_x_forwarded_for",'

                  '"referer":"$http_referer",'

                  '"status":"$status"}';

access_log /var/log/nginx/access.log json;

7、重载nginx服务

# /usr/local/nginx/sbin/nginx -t

# /usr/local/nginx/sbin/nginx -s reload

8、修改filebeat的配置文件。如果同一台机器上要收集多个日志文件,而且每个日志要输出到不同的索引,那么可以把每个prospector单独定义一个document_type,然后在logstash上通过 if 判断输出到不同的索引。

# vim /etc/filebeat/filebeat.yml

filebeat.prospectors:

- input_type: log

    paths:

        - /usr/local/nginx/logs/zixun.oupeng.com.access.log

    document_type: zixun-nginx-access 

- input_type: log

  paths:

    - /usr/local/nginx/logs/water.oupeng.com.access.log

  document_type: water-nginx-access

- input_type: log

  paths:

    - /usr/local/nginx/logs/nav.oupeng.com.access.log

  document_type: nav-nginx-access

- input_type: log

  paths:

    - /usr/local/nginx/logs/wood.oupeng.com.access.log

  document_type: wood-nginx-access

- input_type: log

  paths:

    - /usr/local/nginx/logs/redir.oupeng.com.access.log

  document_type: redir-nginx-access

- input_type: log

  paths:

    - /usr/local/nginx/logs/default.access.log

  document_type: default-nginx-access

- input_type: log

  paths:

    - /usr/local/nginx/logs/kibana.oupeng.com.access.log

  document_type: kibana-nginx-access 

output.logstash:

  hosts: ["192.168.3.56:5044","192.168.3.49:5044","192.168.3.57:5044"]

  loadbalance: true

9、启动filebeat服务

启动之前可以测试一下配置是否正确

# filebeat.sh --help

-configtest:Test configuration and exit.

-e:Log to stderr and disable syslog/file output

# filebeat.sh -configtest -e

2017/07/09 17:36:59.623072 beat.go:285: INFO Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]

2017/07/09 17:36:59.623123 beat.go:186: INFO Setup Beat: filebeat; Version: 5.5.0

2017/07/09 17:36:59.623211 logstash.go:90: INFO Max Retries set to: 3

2017/07/09 17:36:59.623218 metrics.go:23: INFO Metrics logging every 30s

2017/07/09 17:36:59.623493 outputs.go:108: INFO Activated logstash as output plugin.

2017/07/09 17:36:59.623683 publish.go:295: INFO Publisher name: uy05-09

2017/07/09 17:36:59.625146 async.go:63: INFO Flush Interval set to: 1s

2017/07/09 17:36:59.625176 async.go:64: INFO Max Bulk Size set to: 2048

Config OK


# /etc/init.d/filebeat start

10、编写logstash pipeline配置文件。这里通过 if 判断将不同type的日志输出到不同的索引。

# vim /etc/logstash/conf.d/nginx.conf

input {

  beats {

    port => 5044

    codec => "json"

  }

}

output {

    if [type] == "zixun-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "zixun-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "water-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "water-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "nav-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "nav-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "wood-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "wood-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "redir-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "redir-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "default-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "default-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "zx-opgirl-cn-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "zx-opgirl-cn-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "www-oupeng-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "www-oupeng-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

    if [type] == "kibana-nginx-access" {

    elasticsearch {

        hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]

        index => "kibana-nginx-access-%{+YYYY.MM.dd}"

        document_type => "%{[@metadata][type]}"

        template_overwrite => true

        user => elastic

        password => Monkey

    }}

}

11、启动logstash

# nohup logstash -f /etc/logstash/conf.d/nginx.conf &

12、在kiaban上添加索引并绘图,绘图方法参考上一篇



debian安装filebeat5.5收集nginx日志的更多相关文章

  1. 安装logstash5.4.1,并使用grok表达式收集nginx日志

    关于收集日志的方式,最简单性能最好的应该是修改nginx的日志存储格式为json,然后直接采集就可以了. 但是实际上会有一个问题,就是如果你之前有很多旧的日志需要全部导入elk上查看,这时就有两个问题 ...

  2. ELK 二进制安装并收集nginx日志

    对于日志来说,最常见的需求就是收集.存储.查询.展示,开源社区正好有相对应的开源项目:logstash(收集).elasticsearch(存储+搜索).kibana(展示),我们将这三个组合起来的技 ...

  3. ELK日志系统之使用Rsyslog快速方便的收集Nginx日志

    常规的日志收集方案中Client端都需要额外安装一个Agent来收集日志,例如logstash.filebeat等,额外的程序也就意味着环境的复杂,资源的占用,有没有一种方式是不需要额外安装程序就能实 ...

  4. ELK Stack (2) —— ELK + Redis收集Nginx日志

    ELK Stack (2) -- ELK + Redis收集Nginx日志 摘要 使用Elasticsearch.Logstash.Kibana与Redis(作为缓冲区)对Nginx日志进行收集 版本 ...

  5. ELK filter过滤器来收集Nginx日志

    前面已经有ELK-Redis的安装,此处只讲在不改变日志格式的情况下收集Nginx日志. 1.Nginx端的日志格式设置如下: log_format access '$remote_addr - $r ...

  6. 第七章·Logstash深入-收集NGINX日志

    1.NGINX安装配置 源码安装nginx 因为资源问题,我们先将nginx安装在Logstash所在机器 #安装nginx依赖包 [root@elkstack03 ~]# yum install - ...

  7. ELASTIC 5.2部署并收集nginx日志

    elastic 5.2集群安装笔记   设计架构如下: nginx_json_log ->filebeat ->logstash ->elasticsearch ->kiban ...

  8. rsyslog收集nginx日志配置

    rsyslog日志收集配置 rsyslog服务器收集各服务器的日志,并汇总,再由logstash处理 请查看上一篇文章  http://bbotte.blog.51cto.com/6205307/16 ...

  9. EFK收集nginx日志

    准备三台centos7的服务器 两核两G的 关闭防火墙和SELinux systemctl stop firewalld setenforce 0 1.每一台都安装jdk rpm -ivh jdk-8 ...

随机推荐

  1. Streamr助你掌控自己的数据

    博客说明 所有刊发内容均可转载但是需要注明出处. 项目简介 Streamr 致力于为世界实时数据的自由公平交换打造开源平台,并促进全球数据经济的发展.Streamr项目基于区块链技术,并向用户提供数据 ...

  2. 初学node.js-nodejs安装运行(1)

    1.Node.js中文官网http://nodejs.cn/download/下载node.js 学习node.js需要有javascript基础,没有基础的可以在http://www.w3schoo ...

  3. [2017 ACL] 对话系统

    Long Papers [Domain adaptation ] 1. Adversarial Adaptation of Synthetic or Stale Data ( Cited by 14 ...

  4. Webstorm使用时发生Page 'http://localhost:63340/n…tok/css/bootstrap.css.map' requested without authorization, you can copy URL and open it in browser to trust it.

    在使用webstorm编辑器开发时候,点击4处发生以下错误: Page 'http://localhost:63340/n…tok/css/bootstrap.css.map' requested w ...

  5. windows 7 php 7.1 命令行 执行 中文文件名 的PHP文件

    在PHP5.6时代直接执行 php.exe  文件.php 是没有的这个问题 在win下的命令行中 活动代码页命令 chcp 修改 chcp 936  //gbk chcp 65001 //utf-8 ...

  6. Django_QueryDict

    介绍 class QueryDict(MultiValueDict): """ A specialized MultiValueDict which represents ...

  7. 将React Native 集成进现有OC项目中(过程记录) 、jsCodeLocation 生成方式总结

    将RN集成到现有OC项目应该是最常见的,特别是已经有OC项目的,不太可能会去专门搞个纯RN的项目.又因为RN不同版本,引用的依赖可能不尽相同,所以特别说明下,本文参考的文档是React Native ...

  8. oraclejdbc

    https://segmentfault.com/q/1010000004952621/a-1020000004955600

  9. php 数组去重

    php 数组去重 数组中重复项的去除 2010-07-28 15:29 一维数组的重复项: 使用array_unique函数即可,使用实例如下: <?php                    ...

  10. 互评Beta版本-SkyHunter

    基于NABCD评论作品,及改进建议 1.根据(不限于)NABCD评论作品的选题;   N(Need,需求):飞机大战题材的游戏对80,90后的人来说算是童年的记忆,可以在闲暇之余打开电脑玩一会儿.但是 ...