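Building Visual Monitoring for Nginx with Logstash + Elasticsearch

What you need to build a good-looking monitoring setup:

  • Grafana: front-end data analysis platform
  • Elasticsearch: full-text search engine
  • Logstash: log collection and processing framework
  • dashboard: source of the monitoring dashboard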


Downloading the Grafana and ELK packages

wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-4.6.2.linux-x64.tar.gz 

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.3.zip

wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.4.tar.gz

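Change the nginx log output format

# escape=json (nginx 1.11.8+) keeps client-controlled values such as $http_user_agent valid JSON
log_format  main  escape=json
                  '{"@timestamp":"$time_iso8601",'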
                  '"@source":"$server_addr",'
                  '"hostname":"$hostname",'
                  '"ip":"$remote_addr",'
                  '"client":"$remote_addr",'
                  '"request_method":"$request_method",'
                  '"scheme":"$scheme",'
                  '"domain":"$server_name",'
                  '"referer":"$http_referer",'
                  '"request":"$request_uri",'
                  '"args":"$args",'
                  '"size":$body_bytes_sent,'
                  '"status": $status,'
                  '"responsetime":$request_time,'
                  '"upstreamtime":"$upstream_response_time",'
                  '"upstreamaddr":"$upstream_addr",'
                  '"http_user_agent":"$http_user_agent",'
                  '"https":"$https"'
                  '}';

Create the Logstash configuration file

# nginxlog.conf
input {
    file {
        # path to the log file
        path => [ "/var/log/nginx/access.log" ]
        ignore_older => 0
        codec => json
    }
}

filter {
    mutate {
      convert => [ "status","integer" ]
      convert => [ "size","integer" ]
      convert => [ "upstreamtime","float" ]
      remove_field => "message"
    }
    geoip {
        source => "ip"
    }
}
output {
    elasticsearch {
        # Elasticsearch address
        hosts => "127.0.0.1:9200"
        # index name
        index => "nginxlog"
    }
    #stdout {codec => rubydebug}
}

After unpacking, run logstash from the bin directory: nohup ./logstash -f nginxlog.conf &
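
The pipeline above depends on every access-log line being valid JSON for `codec => json`, yet fields such as `$http_user_agent` and `$request_uri` are chosen by the client. The following added example (not from the original post) simulates nginx's default escaping and its `escape=json` mode on constructed values and checks whether the resulting line parses and carries numeric `status`, `size` and `responsetime`; the template, sample values and function names are assumptions made for illustration.

```python
import json

# Constructed template using a subset of the fields from the log_format above.
TEMPLATE = ('{"@timestamp":"2017-11-20T10:00:00+08:00","ip":"203.0.113.7",'
            '"request":"%(request)s","size":512,"status": 200,'
            '"responsetime":0.004,"http_user_agent":"%(ua)s"}')

def escape_default(value):
    """nginx default escaping: '"', '\\' and bytes <32 or >126 become \\xXX."""
    return "".join("\\x%02X" % b if b < 32 or b > 126 or b in (0x22, 0x5C)
                   else chr(b) for b in value.encode("utf-8"))

def escape_json(value):
    """Approximation of nginx escape=json using Python's JSON string escaping."""
    return json.dumps(value, ensure_ascii=False)[1:-1]

def render(request, ua, escape):
    """Build the line nginx would write for one request (constructed, not captured)."""
    return TEMPLATE % {"request": escape(request), "ua": escape(ua)}

def check_line(line):
    """Return (event, None) if the line is usable, else (None, reason)."""
    try:
        event = json.loads(line)
    except ValueError as exc:
        return None, "invalid JSON: %s" % exc
    for field in ("status", "size", "responsetime"):
        value = event.get(field)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return None, "field %s is not numeric" % field
    return event, None

# Constructed samples: client-chosen values containing a quote and a backslash.
SAMPLE_UA = 'Mozilla/5.0 "probe"'
SAMPLE_REQUEST = "/index.html?q=a\\b"

if __name__ == "__main__":
    for name, esc in (("default", escape_default), ("escape=json", escape_json)):
        event, reason = check_line(render(SAMPLE_REQUEST, SAMPLE_UA, esc))
        print(name, "->", reason or event["http_user_agent"])
```

With default escaping the quote is written as `\x22`, which is not a JSON escape, so the line is rejected; with `escape=json` the same request parses and the original User-Agent is recovered.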

elasticsearch

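This needs little configuration. Some warnings about memory and the like will appear; if you have plenty of memory you can ignore them. Listening on the default 127.0.0.1 is fine. Just run nohup ./elasticsearch &. Once it has started normally, ports 9600\9200\9300 are open on the server, and the index name configured in Logstash appears at the end of the Elasticsearch log.

Grafana configuration

In conf/default.ini, set the administrator account and password, and set the listening address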

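[server]
http_addr = 0.0.0.0
[security]
admin_user = admin
# set your own strong password: 0.0.0.0 exposes the login on every interface
admin_password = pass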

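Run Grafana: nohup ./grafana-server &

Configure the Grafana data source

Open the Grafana panel; for Type choose elasticsearch, for URL enter http://127.0.0.1:9200, for Access choose proxy, for index-name enter the index name from the configuration file above, and for Version choose 5.x

Configure the Grafana dashboard

The Dashboards menu on the left has an Import dashboard option. Copy the id from the dashboard page, enter it, click Load, select the data source added earlier, and that's it. There may be some problems that you need to adjust yourself.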
