nginx-log 收集nginx日志
配置nginx.conf
log_format json escape=json '{"timestamp":$msec,'
'"remote_addr":"$remote_addr",'
'"nginx_host":"$server_addr",'
'"http_host":"$http_host",'
'"ssl_protocol":"$ssl_protocol",'
'"ssl_cipher":"$ssl_cipher",'
'"request":"$request",'
'"request_uri":"$request_uri",'
'"referer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"request_length":$request_length,'
'"request_method":"$request_method",'
'"status":$status,'
'"body_bytes_sent":$body_bytes_sent,'
'"request_time":$request_time,'
'"upstream_addr":"$upstream_addr",'
'"upstream_response_time":$upstream_response_time}';
配置并启动redis服务
127.0.0.1:6379
配置并启动elasticsearch
http://127.0.0.1:9200/
配置文件:config.json
{
"domain": "ha666.com",
"all_in": true,
"cache_second": 86400,
"data": {
"redis": {
"addr": "127.0.0.1:6379",
"password": ""
}
},
"source": {
"type": "file",
"file_path": "/var/log/nginx/ha666.com.access.log"
},
"target": {
"type": "elasticsearch",
"elastic_search": {
"endpoint": "http://127.0.0.1:9200/",
"index_rule": "nginx-access-<yyyy-mm>"
}
}
}
配置service:
# cat nginx-log.service
[Unit]
Description=nginx-log
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
User=root
Group=root
Restart=always
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
# Doesn't yet work properly with SELinux enabled
# NoNewPrivileges=true
PrivateDevices=true
WorkingDirectory=/root/proj/nginx-log
ExecStart=/root/proj/nginx-log/nginx-log
KillMode=process
KillSignal=SIGTERM
# Don't want to see an automated SIGKILL ever
SendSIGKILL=yes
RestartSec=20s
UMask=007
启动、停止、重启服务
systemctl start nginx-log.service
systemctl stop nginx-log.service
systemctl start nginx-log.service