Skip to content

Instantly share code, notes, and snippets.

@kosho

kosho/filebeat.yml

Last active April 10, 2024 13:37
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kosho/82546a86140ad67c866e8197d730c53c to your computer and use it in GitHub Desktop.
Save kosho/82546a86140ad67c866e8197d730c53c to your computer and use it in GitHub Desktop.
Download ZIP
Structured logging example configurations
Raw
filebeat.yml
# Apache httpd
- input_type: log
paths:
- /var/log/httpd/access_log.js
document_type: apache
json.keys_under_root: true
json.add_error_key: true
# Squid
- input_type: log
paths:
- /var/log/squid/access_log.js
document_type: squid
json.keys_under_root: true
json.add_error_key: true
Raw
httpd.conf
LogFormat "{ \"clientip\": \"%h\", \"ident\": \"%l\", \"auth\": \"%u\", \"timestamp\": \"%{%FT%T%z}t\", \"verb\": \"%m\", \"request\": \"%U%q\", \"httpversion\": \"%H\", \"response\": %>s, \"bytes\": %b, \"referer\": \"%{Referer}i\", \"agent\": \"%{User-agent}i\" }" combinedjson
CustomLog logs/access_log.js combinedjson
Raw
squid.conf
logformat combinedjson { "clientip": "%>a", "ident": "%ui", "uname": "%un", "timestamp": "%{%FT%T%z}tg", "verb": "%rm", "request": "%ru", "httpversion": "HTTP/%rv", "response": %>Hs, "bytes": %<st, "referer": "%{Referer}>h", "agent": "%{User-Agent}>h", "request_status": "%Sh", "hierarchy_status": "%Sh" }
access_log /var/log/squid/access_log.js combinedjson
@diepes
Copy link

diepes commented Jun 3, 2021

I think there is a small mistake in squid.conf line 1, for the combinedjson the %Sh is used twice.

, "request_status": "%Sh", "hierarchy_status": "%Sh"
should be
, "request_status": "%Ss", "hierarchy_status": "%Sh"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment