Logstash парсим логи apache

Настройки логов Apache

  # Error-log verbosity for this scope; the access log is configured further down.
  LogLevel warn

  # Every request that matches one of the rules below gets the "dontlog" variable
  # and is skipped by CustomLog (env=!dontlog). The patterns are regular
  # expressions; those without ^...$ match anywhere in the value.
  SetEnvIf Request_URI "^/ping\.php$" dontlog
  SetEnvIf Request_URI "^/apache\-stats" dontlog
  # Unanchored: also matches any address that merely contains "127.0.0.1".
  SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
  # User-Agent is a client-supplied header, so any client that sends one of these
  # strings leaves no access-log entry.
  # NOTE(review): for audit purposes consider pairing each rule with the monitor's
  # source address, or writing these requests to a separate log instead of dropping them.
  SetEnvIf User-Agent "ELB-HealthChecker" dontlog
  SetEnvIf User-Agent "NewRelicPinger" dontlog
  SetEnvIf User-Agent "Panopta\ v1\.1" dontlog
  SetEnvIf User-Agent "Amazon\ CloudFront" dontlog
  # X-Forwarded-For is also a request header: unless a trusted front proxy
  # overwrites it, a client can set this value itself and suppress logging.
  # Unanchored, so it matches longer values that contain this string as well.
  SetEnvIf X-Forwarded-For "93\.84\.19\.92" dontlog
  # CLIENTIP starts as the TCP peer address ...
  SetEnvIf REMOTE_ADDR "(.+)" CLIENTIP=$1
  # ... and is replaced by the leading run of digits/dots of X-Forwarded-For when
  # that header is present (order of these two lines matters). This is the leftmost
  # entry of the header, i.e. the part a client can supply itself when proxies only
  # append to it, so the logged address is not authenticated. IPv6 values are not
  # captured correctly by [0-9.]+.
  # NOTE(review): mod_remoteip (RemoteIPHeader + RemoteIPTrustedProxy) with %a in
  # the LogFormat derives the client address only from trusted proxies - confirm
  # against the actual proxy chain.
  SetEnvIf X-Forwarded-For "^([0-9.]+)" CLIENTIP=$1
  # Fields: client IP, request time in microseconds (%D), authenticated user (%u,
  # "-" when none), timestamp, request line, final status prefixed with the literal
  # "STATUS_CODE", Referer, User-Agent.
  # The timestamp format carries no time zone (%z), so consumers have to assume the
  # server's local zone. Referer and User-Agent are client-controlled text.
  LogFormat "%{CLIENTIP}e %D %u %{%d/%m/%Y:%H:%M:%S}t \"%r\" \"STATUS_CODE %>s\" \"%{Referer}i\" \"%{User-Agent}i\"" trueip_combined
  # Access log: everything except requests flagged with dontlog.
  CustomLog /var/log/apache2/magento-access.log trueip_combined env=!dontlog
  ErrorLog /var/log/apache2/magento-error.log

Настройка logstash

# Parse lines written with the "trueip_combined" Apache LogFormat and enrich
# them with GeoIP data. Applies only to events whose type is "apache-logs".
if [type] == "apache-logs" {
      # Pattern layout, in order: clientip, microseconds (Apache %D), a literal "-"
      # in the %u position, date:time (matched but not stored in a field), the
      # quoted request line, "STATUS_CODE <response>", referrer, UserAgent.
      # - The literal "-" means a line with an authenticated user name does not match.
      # - NOTSPACE for referrer means a Referer value containing a space does not match.
      # - The timestamp is not captured and no date filter is shown here, so
      #   presumably @timestamp is the ingestion time - confirm.
      # Non-matching events are not dropped; grok tags them (_grokparsefailure by
      # default). Since request line, Referer and User-Agent are client-controlled,
      # NOTE(review): keep and monitor those events so that requests which fail to
      # parse do not disappear from dashboards and alerts.
      grok {
      match => { "message" => "%{IPORHOST:clientip} %{NUMBER:microseconds} - %{DATE}:%{TIME} \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" \"%{GREEDYDATA} %{NUMBER:response}\" \"%{NOTSPACE:referrer}\" \"%{GREEDYDATA:UserAgent}\"" }
          }
      # GeoIP lookup on the parsed client address. In the Apache config on this page
      # clientip is taken from X-Forwarded-For when that header is present, so the
      # resulting location is only as trustworthy as that header.
      geoip {
      source => "clientip"
      }
}

 
