title: logstash nginx access tags:
- logstash categories: 工作日誌 date: 2016-11-25 18:18:55
nginx.conf
log\_format main '$remote\_addr - $remote\_user \[$time\_local\] $http\_host $request\_method "$uri" '
'$status $body\_bytes\_sent "$http\_referer" $upstream\_status "$upstream\_addr" $request\_time $upstream\_response\_time '
'"$http\_user\_agent" "$http\_cdn\_src\_ip" "$http\_x\_forwarded\_for"' ;
複製程式碼logstash
grok
%\{IPORHOST:remote\_addr\} - (%\{USERNAME:user\}|-) \\\[%\{HTTPDATE:log\_timestamp\}\\\] %\{HOSTNAME:http\_host\} %\{WORD:request\_method\} (%\{QS:uri\}|-) %\{BASE10NUM:http\_status\} (?:%\{BASE10NUM:body\_bytes\_sent\}|-) (%\{QS:http\_referrer\}|-) (%\{BASE10NUM:upstream\_status\}|-) (?:%\{QS:upstream\_addr\}|-) (%\{BASE16FLOAT:upstream\_response\_time\}|-) (%\{BASE16FLOAT:request\_time\}|-) (?:%\{QUOTEDSTRING:user\_agent\}|-) \\"(%\{IPV4:client\_ip\}|-)\\" \\"(%\{WORD:x\_forword\_for\}|-)\\"
複製程式碼