[root@Cagios logstash-2.1.0]# cat /usr/local/logstash-2.1.0/logstash_agent.conf
input {
file {
type => "apache_access"
path => ["/var/log/httpd/access_log"]
}
}
filter {
grok {
match => {"message" => "%{COMBINEDAPACHELOG}"}
}
}
output {
stdout {codec => rubydebug }
redis {
host => '192.168.55.133'
data_type => 'list'
key => 'logstash:redis'
}
}
# 采集到的日志格式
{
"message" => "192.168.55.1 - - [08/Dec/2015:12:35:21 +0800] \"POST /zabbix/jsrpc.php?output=json-rpc HTTP/1.1\" 200 64 \"http://192.168.55.132/zabbix/hostgroups.php?sid=ec7705df8ce1f99f\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36\"",
"@version" => "1",
"@timestamp" => "2015-12-08T04:35:21.342Z",
"host" => "0.0.0.0",
"path" => "/var/log/httpd/access_log",
"type" => "apache_access",
"clientip" => "192.168.55.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "08/Dec/2015:12:35:21 +0800",
"verb" => "POST",
"request" => "/zabbix/jsrpc.php?output=json-rpc",
"httpversion" => "1.1",
"response" => "200",
"bytes" => "64",
"referrer" => "\"http://192.168.55.132/zabbix/hostgroups.php?sid=ec7705df8ce1f99f\"",
"agent" => "\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36\""
}
![]()
浙公网安备 33010602011771号