logstash通过rsyslog对nginx的日志收集和分析
# grep -v ^# /etc/rsyslog.conf|sed '/^$/d'$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile # imfile模块必须启用 Load the imfile input module
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
#下面是nginx的设置
$InputFileName /var/log/nginx/error.log
$InputFileTag kibana-nginx-errorlog:
$InputFileStateFile state-kibana-nginx-errorlog
$InputRunFileMonitor
$InputFileName /var/log/nginx/access.log
$InputFileTag kibana-nginx-accesslog:
$InputFileStateFile state-kibana-nginx-accesslog
$InputRunFileMonitor
$InputFilePollInterval 10 #等待10秒钟发送一次
if $programname == 'kibana-nginx-errorlog' then @192.168.10.1:514
if $programname == 'kibana-nginx-errorlog' then ~
if $programname == 'kibana-nginx-accesslog' then @192.168.10.1:514
if $programname == 'kibana-nginx-accesslog' then ~
*.* @192.168.10.1:514
页:
[1]