跳到主要內容

FluentD 實作 Nginx Access Log

實作 Nginx Access Log


透過 FluentD 收集 /var/log/nginx/nginx_web.access.log 日誌
過濾不必要的紀錄
輸出到MongoDB & Elasticsearch

延伸閱讀


FluentD 參數說明
FluentD 實作 Nginx Access Log 補充


fluent.conf


# workers parameter for specifying the number of workers

<system>
  workers 1
</system>

<worker 0>
  <source>
    @type tail
    path /var/log/nginx/nginx_web.access.log
    pos_file /var/log/td-agent/nginx_web.access.log.pos
    tag nginx.web.access
    format /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<logtime>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")(?: "(?<custom_field1>[^\"]*)" "(?< custom_field2>[^\"]*)" "(?< custom_field3>[^\"]*)")?$/
    time_format %d/%b/%Y:%H:%M:%S %z
  </source>
  # 濾掉不必要的存取紀錄
  <filter nginx.web.access>
    @type grep
    <exclude>
      key path
      pattern /(?:\/js\/)|(?:\/css\/)|\.(?:jpg|gif|png|js|css|svg|ico|woff2)$/
    </exclude>
  </filter>
  # 由於須將一筆紀錄分別存在 ES 及 MongoDB 中因此需要做 @type copy 
  <match nginx.web.access>
    @type copy
    <store>
      @type mongo
      host ${mongo db host address}
      port ${mongo db port}
      database ${mongo db database}
      collection ${mongo db table}

      # for capped collection
      capped
      capped_size 1024m

      # authentication
      user ${mongo db user name}
      password ${mongo db password}

      <inject>
        # key name of timestamp
        time_key time
      </inject>

      <buffer>
        # flush
        flush_interval 10s
      </buffer>
    </store>
    <store>
      @type elasticsearch
      host ${elasticsearch host address}
      port ${elasticsearch port}
      index_name fluentd.${tag}
      logstash_format true
      logstash_prefix fluentd.${tag}
    </store>
  </match>
</worker>

Nginx



http {

  ... 略

  log_format weblog '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$cookie_custom_field1" "$cookie_custom_field2" "$cookie_custom_field3"';

  ... 略

  server {
    location / {
        
        ... 略

        access_log  /var/log/nginx/nginx_web.access.log weblog;
    }
  }
}

Mongo Record Sample




Elasticsearch Index Sample

留言

這個網誌中的熱門文章

FluentD 存取 File Log

其他文章參考 FluentD 存取 Nginx Access Log (1/2) FluentD 存取 Nginx Access Log (2/2) 以上是 Nginx + FluentD + (ES|Mongo) Demo 針對access.log 做解析 現在以Log4X 產生的日誌檔作為範例說明 會遇到的問題有 日誌內容會有多行的情況 # multiline 希望每條日誌內容加入 UUID 以便追蹤 # https://github.com/chaeyk/fluent-plugin-add-uuid 使用 Slack 作為通知的通道 # https://github.com/sowawa/fluent-plugin-slack Log4X Layout Format Example <?xml version="1.0" encoding="utf-8" ?> <configuration> <log4net> <appender name="All" type="log4net.Appender.RollingFileAppender"> <file value="/var/log/web.log" /> <appendToFile value="true" /> <rollingStyle value="Size" /> <datePattern value="yyyy-MM-dd" /> <maximumFileSize value="5MB" /> <maxSizeRollBackups value="10" /> <staticLogFileName value="true" /> <PreserveLogFileNameExtension value=...

申請免費 SSL,自動續訂

參考 acme.sh 搭配 GoDaddy 自動續期 Let's Encrypt 免費萬用憑證 使用 acme.sh + Cloudflare 申請免費 Wildcard SSL (Let’s Encrypt) 節略如下 安裝 acme.sh # 安裝 acme.sh ,安裝後重新登入 curl https://get.acme.sh | sh # 自動更新 acme.sh --upgrade --auto-upgrade acme.sh 設定存取 Goddy vi ~/.acme.sh/account.conf # Goddy API GD_Key="" GD_Secret="" acme.sh 設定存取 Cloudflare # Cloudflare API Keys # Global API Key [View] export CF_Key="" export CF_Email="" 申請網域(Domain)的萬用憑證,成功後會顯示憑證存放的路徑 $> acme.sh --issue --dns dns_gd -d ${domain} -d *.${domain} 安裝憑證 # 建立 /etc/nginx/ssl/${domain} 路徑 $> acme.sh --install-cert -d ${domain} --key-file /etc/nginx/ssl/${domain}/key.pem --fullchain-file /etc/nginx/ssl/${domain}/cert.pem --reloadcmd "sudo nginx -s reload"

FluentD 實作 Nginx Access Log 補充

FluentD 實作 Nginx Access Log 補充 前一篇針對 FluentD 安裝 及 Nginx Access log format 設定提供範例 本篇補充 1. 將 access_log 存入 MySQL 2. 針對Input 加工,ex 解析 Path 拆成不同欄位,在傳入 Output 延伸閱讀 FluentD 參數說明 FluentD 實作 Nginx Access Log 將 access_log 存入 MySQL <worker 0> <source> ... 略 </source> <match nginx.web.access> @type copy ... 略 <store> @type sql host ${MySQL Host address} port ${MySQL Port} adapter mysql2 database ${MySQL Database} username ${MySQL User Name} password ${MySQL Password} <table> table ${MySQL table} column_mapping 'logtime:logtime,method:method,path:path,code:code,size:size,resptime:resptime,token:token,path_url:path_url,timestamp:created_at' </table> </store> </match> </worker> 針對Input 加工,ex 解析 Path 拆成不同欄位,在傳入 Output 情境: 以下 access log 範例,需要針對 Query Parameter 拆解並存入新欄位,以利分析. [27/Dec/2019:07:14:10 ...