First, here is my BELK architecture

1、Download and install the Public Signing Key:

# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

2、You may need to install the apt-transport-https package on Debian before proceeding:

# aptitude install -y apt-transport-https

3、Save the repository definition to /etc/apt/sources.list.d/elastic-5.x.list:

# echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list

4、Run aptitude update, and the repository is ready for use. For example, you can install Filebeat by running:

# aptitude update
# aptitude install -y filebeat

5、To configure the Beat to start automatically during boot, run:

# update-rc.d filebeat defaults 95 10

6、Add a JSON log format to nginx

# vim /usr/local/nginx/conf/nginx.conf
# escape=json (nginx 1.11.8+) escapes " and \ in client-supplied values,
# so every line stays valid JSON
log_format json escape=json '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"remote_user":"$remote_user",'
    '"request":"$request",'
    '"http_user_agent":"$http_user_agent",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"url":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"status":"$status"}';
access_log /var/log/nginx/access.log json;

7、Reload the nginx service

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload

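8、Edit the Filebeat configuration file. If several log files have to be collected on the same machine and each log must go to a different index, give each prospector its own document_type, then use if conditionals in Logstash to route each type to its own index.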

# vim /etc/filebeat/filebeat.yml

filebeat.prospectors:

- input_type: log
  paths:
    - /usr/local/nginx/logs/zixun.oupeng.com.access.log
  document_type: zixun-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/water.oupeng.com.access.log
  document_type: water-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/nav.oupeng.com.access.log
  document_type: nav-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/wood.oupeng.com.access.log
  document_type: wood-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/redir.oupeng.com.access.log
  document_type: redir-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/default.access.log
  document_type: default-nginx-access

- input_type: log
  paths:
    - /usr/local/nginx/logs/kibana.oupeng.com.access.log
  document_type: kibana-nginx-access

output.logstash:
  hosts: ["192.168.3.56:5044","192.168.3.49:5044","192.168.3.57:5044"]
  loadbalance: true

9、Start the Filebeat service

Before starting it, you can test whether the configuration is correct

# filebeat.sh --help
-configtest:Test configuration and exit.
-e:Log to stderr and disable syslog/file output

# filebeat.sh -configtest -e
2017/07/09 17:36:59.623072 beat.go:285: INFO Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2017/07/09 17:36:59.623123 beat.go:186: INFO Setup Beat: filebeat; Version: 5.5.0
2017/07/09 17:36:59.623211 logstash.go:90: INFO Max Retries set to: 3
2017/07/09 17:36:59.623218 metrics.go:23: INFO Metrics logging every 30s
2017/07/09 17:36:59.623493 outputs.go:108: INFO Activated logstash as output plugin.
2017/07/09 17:36:59.623683 publish.go:295: INFO Publisher name: uy05-09
2017/07/09 17:36:59.625146 async.go:63: INFO Flush Interval set to: 1s
2017/07/09 17:36:59.625176 async.go:64: INFO Max Bulk Size set to: 2048
Config OK
# /etc/init.d/filebeat start

10、Write the Logstash pipeline configuration file. Here, if conditionals send logs of different types to different indices.

# vim /etc/logstash/conf.d/nginx.conf
input {
  beats {
    port => 5044
    codec => "json"
  }
}

# The elastic credentials below are stored in plaintext:
# keep this file readable only by the logstash user.
output {
  if [type] == "zixun-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "zixun-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "water-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "water-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "nav-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "nav-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "wood-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "wood-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "redir-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "redir-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "default-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "default-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "zx-opgirl-cn-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "zx-opgirl-cn-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "www-oupeng-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "www-oupeng-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
  if [type] == "kibana-nginx-access" {
    elasticsearch {
      hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
      index => "kibana-nginx-access-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      template_overwrite => true
      user => "elastic"
      password => "Monkey"
    }
  }
}

11、Start Logstash

# nohup logstash -f /etc/logstash/conf.d/nginx.conf &

12、Add the indices in Kibana and build the charts; for how to build the charts, see the previous post
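
Without escape=json, nginx applies its default log escaping to the variables in a format like the one in step 6: `"`, `\` and non-ASCII bytes are written as `\xXX`, which is not a valid JSON escape, so the Logstash json codec tags such lines `_jsonparsefailure` and their fields are never extracted. The Python code below is an added example, not part of the original post; it reproduces that escaping and recovers the affected lines, and its function names and sample line are constructed for illustration.

```python
import json
import re

def nginx_default_escape(value):
    """Mimic nginx default log escaping: ", \\ and bytes <32 or >126 become \\xXX."""
    return "".join(
        "\\x%02X" % b if b in (0x22, 0x5C) or b < 32 or b > 126 else chr(b)
        for b in value.encode("utf-8"))

def parse_line(line):
    """Return (doc, repaired); doc is None when the line cannot be recovered."""
    try:
        return json.loads(line), False
    except ValueError:
        pass
    # \xXX is not a JSON escape. A default-escaped line never holds a bare
    # backslash (it is written \x5C), so each \xXX maps safely to \u00XX.
    fixed = re.sub(r"\\x([0-9A-Fa-f]{2})", r"\\u00\1", line)
    try:
        doc = json.loads(fixed)
    except ValueError:
        return None, False
    if not isinstance(doc, dict):
        return None, False
    # Escaped bytes above 126 were UTF-8: turn one-char-per-byte back into text.
    for key, val in doc.items():
        if isinstance(val, str):
            doc[key] = val.encode("latin-1", "replace").decode("utf-8", "replace")
    return doc, True

def triage(lines):
    """Count lines that parse as-is, parse after repair, or stay unreadable."""
    counts = {"ok": 0, "repaired": 0, "rejected": 0}
    for line in lines:
        doc, repaired = parse_line(line)
        counts["rejected" if doc is None else "repaired" if repaired else "ok"] += 1
    return counts

# Constructed sample: a subset of the step 6 fields, user agent left variable.
TEMPLATE = ('{"@timestamp":"2017-07-09T17:40:01+08:00","clientip":"203.0.113.7",'
            '"request":"GET / HTTP/1.1","http_user_agent":"%s","size":612,'
            '"responsetime":0.004,"status":"200"}')

def render(user_agent):
    """Build the line nginx would write without escape=json."""
    return TEMPLATE % nginx_default_escape(user_agent)

if __name__ == "__main__":
    samples = [render("curl/7.52.1"), render('Mozilla "test" 中文'), "truncated {"]
    print(triage(samples))  # {'ok': 1, 'repaired': 1, 'rejected': 1}
```

A non-zero "repaired" count on existing log files shows how many requests were falling out of the per-field dashboards before escape=json was enabled.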


