Created
March 7, 2017 04:36
-
-
Save mariotacke/88053be5be5ef87b7544ece220f41af4 to your computer and use it in GitHub Desktop.
Revisions
-
mariotacke created this gist
Mar 7, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,5 @@ Pattern file: `/etc/logstash/patterns/nginx` Logstash shipper: `/etc/logstash/conf.d/shipper.conf` Nginx http log module: http://nginx.org/en/docs/http/ngx_http_log_module.html This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,3 @@ log_format combined '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1 @@ NGINX_ACCESS %{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] \"%{DATA:request}\" %{INT:status} %{NUMBER:bytes_sent} \"%{DATA:http_referer}\" \"%{DATA:http_user_agent}\" This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,31 @@ input { file { type => "nginx" start_position => "beginning" path => [ "/var/log/nginx/*.log" ] } } filter { if [type] == "nginx" { grok { patterns_dir => "/etc/logstash/patterns" match => { "message" => "%{NGINX_ACCESS}" } remove_tag => [ "_grokparsefailure" ] add_tag => [ "nginx_access" ] } geoip { source => "remote_addr" } } } output { redis { host => "<your redis host>" data_type => "list" key => "logstash" codec => json } }