On top of an existing ELK deployment
I. Deploy nginx and create the index pattern in Kibana
1. Import the nginx package, install nginx and its dependencies, and start nginx
[root@localhost ~] yum -y install gcc pcre-devel zlib-devel
[root@localhost ~] tar -zxf nginx-1.12.2.tar.gz
[root@localhost ~] cd nginx-1.12.2/
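[root@localhost nginx-1.12.2] ./configure &> /dev/null # check the build environment
[root@localhost nginx-1.12.2] make && make install # compile and install
[root@localhost ~] /usr/local/nginx/sbin/nginx # start nginx
Stop the firewall and set SELinux to permissive mode (a lab shortcut; on a shared or production host keep both enabled and allow only the ports the stack needs)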
[root@localhost ~] systemctl stop firewalld.service
[root@localhost ~] setenforce 0
2. Go to the patterns directory and write the grok pattern used to parse the log file
[root@localhost ~] cd /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/
# define the pattern
[root@localhost patterns] vim nginx_access
[root@localhost patterns] cat nginx_access
NGINXACCESS %{IPORHOST:client_ip} (%{USER:ident}|-) (%{USER:auth}|-) \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} (%{NOTSPACE:request}|-)(?: HTTP/%{NUMBER:http_version})?|-)" %{NUMBER:status} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"
3. Write the pipeline configuration file and the module configuration file
[root@localhost ~] vim /etc/logstash/pipelines.yml
- pipeline.id: msg
  path.config: "/etc/logstash/conf.d/messages.conf"
- pipeline.id: sec
  path.config: "/etc/logstash/conf.d/secure.conf"
- pipeline.id: nginx
  path.config: "/etc/logstash/conf.d/nginx.conf"
[root@localhost ~] vim /etc/logstash/conf.d/nginx.conf
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    type => "nginx-log"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  elasticsearch {
    hosts => "192.168.59.142:9200"
    index => "nginx_log-%{+YYYY.MM.dd}"
  }
}
Restart logstash
[root@localhost ~] systemctl restart logstash
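4. Configure Kibana from the browser
Create the index pattern
II. Add nginx log visualizations in Kibana
5. Create the status code chart
6. Add request-volume monitoring
7. Add the top 10 IPs by number of requests
8. Request volume trend
III. Create the dashboard
If no nginx index appears, check the following:
1: chmod 777 /var/log/nginx -R (the logstash user only needs to be able to read the log files; for the source build above, the log directory is /usr/local/nginx/logs)
2: the pipelines.yml file
3: the nginx log must contain entries; the ab load-testing tool can be used to generate some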
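To see which access-log lines the NGINXACCESS pattern from step 2 turns into fields and which end up tagged _grokparsefailure, the following added example (not part of the original page) approximates the pattern as a Python regex. The simplified sub-patterns, the parse and unparsed helpers, and the sample lines are assumptions made for illustration.

```python
import re

# Python approximation of the NGINXACCESS grok pattern. The sub-patterns
# (IPORHOST, USER, HTTPDATE, NUMBER, URI) are simplified stand-ins, so this
# is looser than logstash-patterns-core but keeps the same structure.
NGINXACCESS = re.compile(
    r'(?P<client_ip>\S+) (?:(?P<ident>[\w.-]+)|-) (?:(?P<auth>[\w.@-]+)|-) '
    r'\[(?P<timestamp>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<http_version>[\d.]+))?|-)" '
    r'(?P<status>\d+) (?:(?P<bytes>\d+)|-) '
    r'"(?:(?P<referrer>[A-Za-z][\w+.-]*://\S+)|-)" "(?P<agent>.*)"'
)

# Constructed sample lines (not from a real server): a normal request, an
# empty request line, and a TLS handshake sent to the plain-HTTP port.
SAMPLES = [
    r'192.168.59.1 - - [12/Mar/2020:10:15:32 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "ApacheBench/2.3"',
    r'192.168.59.1 - - [12/Mar/2020:10:15:40 +0800] "-" 400 0 "-" "-"',
    r'192.168.59.1 - - [12/Mar/2020:10:16:02 +0800] "\x16\x03\x01\x00" 400 173 "-" "-"',
]

def parse(line):
    """Mimic the grok filter: named fields on a match, a failure tag otherwise."""
    m = NGINXACCESS.search(line)  # grok patterns are unanchored, like search()
    if m is None:
        # Logstash still indexes the event, but only with the raw message.
        return {"message": line, "tags": ["_grokparsefailure"]}
    # Grok drops empty captures by default, so skip groups that did not match.
    return {k: v for k, v in m.groupdict().items() if v is not None}

def unparsed(lines):
    """Lines that would reach Elasticsearch without status/client_ip fields."""
    return [l for l in lines if "tags" in parse(l)]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```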