魏长东

weichangdong

东邪

Logstash configuration file

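I used this recently and set it up by following someone else's configuration, so I am writing it down here. It seems very powerful.

It can sync the nginx logs from several servers to another server in real time. It can filter the logs and store them in a local file, in redis, and so on. Very powerful.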

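# Install the Java runtime that Logstash needs
sudo rpm -iv --force jre-7u79-linux-x64.rpm
# Unpack Logstash and install it under /usr/local
tar xvzf logstash-1.5.2.tar.gz
sudo cp -R logstash-1.5.2 /usr/local/
sudo ln -s /usr/local/logstash-1.5.2/ /usr/local/logstash
# Install the grok filter plugin (the plugin script lives in the bin directory)
sudo /usr/local/logstash/bin/plugin install logstash-filter-grok
# Start Logstash with the shipper configuration
sudo /usr/local/logstash/bin/logstash -f /usr/local/logstash/shipper.conf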

This is the configuration file:

input {
        file {
                type => "feedback-access"
                path => "/usr/local/nginx/logs/cn_access.log"
        }
}
filter {
        grok  {
                match => ["message","dot_100.php"]
                # drop => false
                add_tag => ["dot_log"]
                #add_field => {"access_time"=>"%{HTTPDATE:timestamp}"}
        }
}
output {
        if "dot_log" in [tags]{
                #redis {
                #       host => "logfetch01.*.net"
                #       data_type =>"list"
                #       key => "dot_log_list"
                #}
                file {
                        # tags => ["dot_log"]
                        path => "/data2/test.cn_access.log"
                }
        }
}
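
The following Python model is an added example, not part of the original post or of Logstash itself. It reproduces what the filter and the output conditional above do to each log line: grok treats "dot_100.php" as an unanchored regular expression, adds dot_log on a match and _grokparsefailure otherwise. The sample log lines and the stricter pattern are assumptions constructed for illustration.

```python
import re

# Constructed nginx access-log lines (not taken from the original post).
SAMPLE_LINES = [
    '10.0.0.5 - - [12/Jul/2015:10:00:01 +0800] "GET /dot_100.php?id=7 HTTP/1.1" 200 43 "-" "curl/7.29.0"',
    '10.0.0.6 - - [12/Jul/2015:10:00:02 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "curl/7.29.0"',
    '10.0.0.7 - - [12/Jul/2015:10:00:03 +0800] "GET /index.php HTTP/1.1" 200 512 "http://a.example/dot_100.php" "curl/7.29.0"',
    '10.0.0.8 - - [12/Jul/2015:10:00:04 +0800] "GET /dot_100xphp HTTP/1.1" 404 0 "-" "curl/7.29.0"',
]

# The pattern from the config above: "." matches any character and the
# search is not anchored to the request path.
PAGE_PATTERN = "dot_100.php"

# Hypothetical stricter pattern: literal dot, and only inside the quoted
# request line (assumes the author wants requests for /dot_100.php only).
STRICT_PATTERN = r'"(?:GET|POST) /dot_100\.php[ ?]'


def grok_filter(message, pattern, add_tag):
    """Model of the grok block: tag on match, _grokparsefailure otherwise."""
    event = {"message": message, "tags": []}
    if re.search(pattern, message):
        event["tags"].extend(add_tag)
    else:
        event["tags"].append("_grokparsefailure")
    return event


def route(lines, pattern):
    """Model of `if "dot_log" in [tags]`: return the lines written to the file output."""
    events = [grok_filter(line, pattern, ["dot_log"]) for line in lines]
    return [e["message"] for e in events if "dot_log" in e["tags"]]


if __name__ == "__main__":
    for name, pat in (("page pattern", PAGE_PATTERN), ("strict pattern", STRICT_PATTERN)):
        kept = route(SAMPLE_LINES, pat)
        print(f"{name}: {len(kept)} of {len(SAMPLE_LINES)} lines kept")
        for line in kept:
            print("   ", line)
```

With the page's pattern, the line whose Referer contains dot_100.php and the request for /dot_100xphp are both written to the output file alongside the real hit; the stricter pattern keeps only the real request.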