nginx_access_khachhang.conf
# Tail the two nginx access logs. Each file input has its own sincedb file, so
# the read offset of one log is tracked independently of the other.
input {
  # Customer-facing site.
  file {
    path           => ["/var/log/nginx/khachhang.giaohangtietkiem.vn.access.log"]
    # With "end", only lines appended after the file is first seen are read;
    # content already in the file at that moment is not backfilled.
    start_position => "end"
    # NOTE(review): a bare number is taken as seconds, so a file last modified
    # more than 30 s before discovery is skipped until it is written to again.
    # Confirm this is intended.
    ignore_older   => 30
    sincedb_path   => "/usr/share/logstash/data/plugins/inputs/file/nginx_access_khachhang.sincedb"
  }

  # Services site; same settings, separate sincedb.
  file {
    path           => ["/var/log/nginx/services.giaohangtietkiem.vn.access.log"]
    start_position => "end"
    ignore_older   => 30
    sincedb_path   => "/usr/share/logstash/data/plugins/inputs/file/nginx_access_service.sincedb"
  }
}
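# Parse nginx access-log lines, discard static-resource requests, and enrich
# what is left with a parsed timestamp, the split URL and GeoIP data.
filter {
  # Split one access-log line into fields. The pattern expects two IP addresses
  # up front, a "METHOD URL HTTP/x.y" request line, and the rt/uct/uht/urt
  # timing fields at the end.
  #
  # "bytes" uses NONNEGINT rather than POSINT: POSINT cannot match 0, so every
  # response with an empty body (e.g. 304, 204, HEAD) failed to parse and was
  # dropped by the else branch at the bottom of this filter.
  #
  # NOTE(review): lines where the second address or a timing value is logged as
  # "-", or where the request line is not "WORD URL HTTP/x.y", still fail this
  # pattern. Confirm against the nginx log_format in use.
  grok {
    match => {
      "message" => "%{IP:remote_ip} - %{IP:client_ip} \[(?<timestamp>%{MONTHDAY}[./]%{MONTH}[./]%{YEAR}[:]%{TIME} %{ISO8601_TIMEZONE})\] \"%{WORD:method} %{DATA:url} HTTP/%{NUMBER:http_version:float}\" %{POSINT:response_code:int} %{NONNEGINT:bytes:int} \"%{DATA:referrer}\" \"%{DATA:agent}\" rt=%{NUMBER:rt:float} uct=%{NUMBER:uct:float} uht=%{NUMBER:uht:float} urt=%{NUMBER:urt:float}"
    }
  }

  if "_grokparsefailure" not in [tags] {
    # Static-resource detector. This grok captures nothing; it only decides
    # whether the "_is_not_resources" tag is added (added when the URL does NOT
    # look like a static resource).
    #
    # NOTE(review): the match ignores method and status, so every request under
    # /admin/files/uploads/, /wp-content/ and /wp-includes/ is discarded,
    # including POSTs and error responses. Those paths are useful when
    # investigating uploaded-file or plugin abuse; consider dropping only
    # successful GET/HEAD requests.
    # NOTE(review): "url" still contains the query string here, so the
    # \.js$ / \.css$ / \.png$ / \.jpg$ alternatives also match a dynamic request
    # whose query string ends in one of those extensions.
    grok {
      match => {"url" => "(^\/customer\/js\/|^\/customer\/css\/|^\/customer\/img\/|^\/admin\/js\/|^\/admin\/files\/uploads\/|^\/wp-content\/|^\/wp-includes\/|^\/wp-admin\/css\/|^\/wp-admin\/js\/|^\/wp-admin\/images\/|^\/cache_js\/|^\/cache_css\/|\.js$|\.css$|\.png$|\.jpg$)"}
      tag_on_failure => ["_is_not_resources"]
    }

    # Drop static-resource requests (js, css, images, ...): the tag is absent
    # exactly when the grok above matched.
    if "_is_not_resources" not in [tags] {
      drop {}
    }

    # Split the request target into path and optional query string.
    # NOTE(review): uri_param is indexed verbatim; if the application ever puts
    # tokens or credentials in query strings they end up in Elasticsearch.
    grok {
      match => {"url" => "%{URIPATH:uri_path}(%{URIPARAM:uri_param})?" }
    }

    # Parse the nginx timestamp into log_timestamp. remove_tag is applied only
    # when the date parses, so the helper tag stays on events whose timestamp
    # could not be parsed.
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      target => "log_timestamp"
      remove_tag => ["_is_not_resources"]
    }

    # GeoIP lookup on client_ip. remove_field is applied only when the lookup
    # succeeds, so events whose client_ip cannot be resolved (e.g. a private
    # address) keep "timestamp" and the raw "message".
    geoip {
      source => "client_ip"
      remove_field => [ "timestamp", "message"]
    }
  } else {
    # Lines that do not fit the access-log pattern are discarded outright.
    # NOTE(review): malformed request lines therefore never reach
    # Elasticsearch; consider tagging them and sending them to a separate
    # index instead, so they stay available for investigation.
    drop {}
  }
}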
# Ship every surviving event to Elasticsearch, one index per day.
output {
  elasticsearch {
    # The date in the index name is taken from the event's @timestamp.
    index => "nginx_access_log-%{+YYYY.MM.dd}"
    # NOTE(review): no credentials or TLS settings appear in this block, so
    # unless they are enforced elsewhere the events (client IPs, URLs, user
    # agents) are sent unauthenticated and in clear text. Confirm the cluster's
    # security settings and add the plugin's user/password and SSL options if
    # the cluster requires them.
    hosts => ["10.10.2.207:9200"]
  }
}