Created
December 9, 2013 03:28
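# Logstash pipeline: tail the nginx access log, parse each line with grok,
# take the event time from the log line, and send the result to Elasticsearch
# and to stdout.
# (The trailing "| |" table residue from the web rendering has been dropped;
# it is not part of the configuration.)

input {
  file {
    # "type" labels every event read from this file; the filters below select on it.
    type => "nginx"
    # The account running logstash needs read access to this log, and nothing more.
    path => "/var/log/nginx/localhost.access.log"
    format => 'plain'
  }
}

# We need to tell the filters (grok, date) that we want to act on the nginx
# type otherwise it won't do anything
filter {
  grok {
    type => "nginx"
    # Relative path: it is resolved against the directory logstash is started
    # from. An absolute path avoids loading pattern files from an unintended
    # directory.
    patterns_dir => "./patterns"
    # NGINXACCESS has to be defined in a file under patterns_dir.
    # The request line, referer, user agent and user name all originate from
    # the client, so treat the resulting fields as untrusted wherever they are
    # displayed or queried later.
    # NOTE(review): lines that do not match the pattern are presumably tagged
    # as parse failures rather than dropped; verify, and watch for them.
    pattern => "%{NGINXACCESS}"
  }
  date {
    type => "nginx"
    locale => "en"
    # Takes the event timestamp from the log line instead of the read time;
    # the sample output shows the -0430 local time converted to UTC.
    match => [ "time_local" , "dd/MMM/YYYY:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    # NOTE(review): embedded => true runs an Elasticsearch node inside the
    # logstash process, which suits a local test. Confirm which interfaces its
    # ports bind to and keep them unreachable from untrusted networks; for
    # anything beyond a test, point at a separately managed, access-controlled
    # cluster.
    embedded => true
  }
  stdout {
    # Prints every parsed event, including remote_user, to the console.
    # Useful while testing the pattern; turn it off once the pipeline works.
    debug => true
    # Quoted for consistency with the other string values in this file.
    debug_format => "json"
  }
}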
127.0.0.1 - alfredo [16/Feb/2013:11:17:58 -0430] "GET / HTTP/1.1" 200 0 "-" "curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6" | |
127.0.0.1 - myUserName [16/Feb/2013:11:18:14 -0430] "GET / HTTP/1.1" 200 0 "-" "curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6" | |
127.0.0.1 - michaelJackson [16/Feb/2013:11:18:22 -0430] "GET / HTTP/1.1" 200 0 "-" "curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6" |
$remote_addr        The remote host
$remote_user        The authenticated user (if any)
$time_local         The time of the access
$request            The first line of the request
$status             The status of the request
$body_bytes_sent    The size of the server's response, in bytes
$http_referer       The referrer URL, taken from the request's headers
$http_user_agent    The user agent, taken from the request's headers
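# Grok pattern for one nginx access-log line, in log order:
#   remote_addr - remote_user [time_local] "request" status body_bytes_sent
#   "http_referer" "http_user_agent"
# The trailing " |" from the web rendering has been removed: inside a regular
# expression it would be read as an empty alternative, not as page decoration.
#
# - QS keeps the surrounding double quotes in the captured value (the sample
#   output shows request as "\"GET / HTTP/1.1\"").
# - status and body_bytes_sent are captured as strings ("200", "0"), not numbers.
# - NOTE(review): remote_user is the name the client sent with HTTP Basic
#   authentication. Confirm whether nginx logs it for locations that do not
#   enforce authentication before treating the field as proof of identity.
# - NOTE(review): USERNAME presumably accepts only letters, digits, '.', '_'
#   and '-'; a user name with other characters would make the whole line fail
#   to match. Verify against the bundled grok patterns.
NGINXACCESS %{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] %{QS:request} %{INT:status} %{INT:body_bytes_sent} %{QS:http_referer} %{QS:http_user_agent}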
{ | |
"@source":"file://debian-basic/var/log/nginx/localhost.access.log", | |
"@tags":[ | |
], | |
"@fields":{ | |
"remote_addr":[ | |
"127.0.0.1" | |
], | |
"remote_user":[ | |
"-" | |
], | |
"time_local":[ | |
"16/Feb/2013:12:27:21 -0430" | |
], | |
"request":[ | |
"\"GET / HTTP/1.1\"" | |
], | |
"status":[ | |
"200" | |
], | |
"body_bytes_sent":[ | |
"0" | |
], | |
"http_referer":[ | |
"\"-\"" | |
], | |
"http_user_agent":[ | |
"\"curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6\"" | |
] | |
}, | |
"@timestamp":"2013-02-16T16:57:21.000Z", | |
"@source_host":"debian-basic", | |
"@source_path":"/var/log/nginx/localhost.access.log", | |
"@message":"127.0.0.1 - - [16/Feb/2013:12:27:21 -0430] \"GET / HTTP/1.1\" 200 0 \"-\" \"curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6\"", | |
"@type":"nginx" | |
} | |
{ | |
"@source":"file://debian-basic/var/log/nginx/localhost.access.log", | |
"@tags":[ | |
], | |
"@fields":{ | |
"remote_addr":[ | |
"127.0.0.1" | |
], | |
"remote_user":[ | |
"somebody" | |
], | |
"time_local":[ | |
"16/Feb/2013:12:30:20 -0430" | |
], | |
"request":[ | |
"\"GET / HTTP/1.1\"" | |
], | |
"status":[ | |
"200" | |
], | |
"body_bytes_sent":[ | |
"0" | |
], | |
"http_referer":[ | |
"\"-\"" | |
], | |
"http_user_agent":[ | |
"\"curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6\"" | |
] | |
}, | |
"@timestamp":"2013-02-16T17:00:20.000Z", | |
"@source_host":"debian-basic", | |
"@source_path":"/var/log/nginx/localhost.access.log", | |
"@message":"127.0.0.1 - somebody [16/Feb/2013:12:30:20 -0430] \"GET / HTTP/1.1\" 200 0 \"-\" \"curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6\"", | |
"@type":"nginx" | |
} |