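A brief summary of how to ship nginx logs into Oracle through Logstash
阿新 • Published: 2021-06-29
1. First configure the nginx log. It needs to be written as JSON. I won't cover how to do that here, since there are plenty of guides online; here is a format parameter for reference.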
```
log_format main escape=json
    '{"system_name":"$system_name",'   # system name
    # client (visitor) information
    '"remote_addr":"$remote_addr",'
    '"remote_port":"$remote_port",'
    '"remote_user":"$remote_user",'
    # request information
    '"request":"$request",'
    '"request_body":"$request_body",'
    '"request_length":"$request_length",'
    '"request_method":"$request_method",'
    '"request_time":"$time_iso8601",'
    '"request_uri":"$uri",'
    '"request_args":"$args",'
    '"http_referer":"$http_referer",'
    '"http_cookie":"$http_cookie",'
    '"http_user_agent":"$http_user_agent",'
    '"http_x_forwarded_for":"$http_x_forwarded_for",'
    '"http_host":"$http_host",'
    '"http_status": "$status",'
    '"server_addr":"$server_addr",'
    '"server_name":"$server_name",'
    '"server_port":"$server_port",'
    '"ups_time":"$upstream_response_time",'
    '"ups_status":"$upstream_status",'
    '"ups_server":"$upstream_http_server",'
    '"ups_addr": "$upstream_addr"}';
```
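Here, system_name has to be defined with `set` in the nginx configuration. Because nginx proxies several systems, adding a system_name to identify which system a request belongs to is helpful.
In addition, all my logs are written through a single access_log definition, configured as follows: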
```
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})") {
    set $year $1;
    set $month $2;
    set $day $3;
    set $hour $4;
    set $minutes $5;
    set $seconds $6;
}
access_log logs/host.access-$year-$month-$day.log main;
```
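The logs are split by day, so that a log file does not grow so large that it becomes hard to delete.
2. Configure Logstash. My server runs Linux and the commands here are Linux commands; if you are on Windows you will have to work out the equivalents yourself.
Install Logstash; there is nothing difficult about this.
Install the jdbc and uuid plugins. The uuid plugin is optional; see below for details.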
```
bin/logstash-plugin install logstash-output-jdbc
bin/logstash-plugin install logstash-filter-uuid
```
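Installing the jdbc plugin is not the end of it: the JDBC jar also has to be referenced in the configuration, as shown in the configuration below.
Add a file named logstash.conf in the config directory with the following content; the comments in it explain each part.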
```
# sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  file {
    # Log files to scan; multiple files and the asterisk (*) wildcard are supported.
    # Meaning: scan every log file under /usr/local/nginx/logs/ whose name starts
    # with host.access- and has the extension log.
    # path is an array, so it can obviously be given several entries.
    path => ["/usr/local/nginx/logs/host.access-*.log"]
  }
}
filter {
  # The log nginx produces is simple JSON, but after Logstash reads it the data is
  # automatically placed under the message node, which is inconvenient. So the first
  # step is to extract the data from message and then delete message.
  json {
    source => "message"
    remove_field => ["message"]
  }
  # The log nginx produces has no ID, and the ID column in my database is in nv2
  # format, so a string ID is needed. This requires the uuid plugin.
  uuid {
    target => "id"
    overwrite => true
  }
  mutate {
    convert => { "ups_connect_time" => "float" }
    convert => { "ups_status" => "integer" }
    convert => { "server_port" => "integer" }
    convert => { "ups_response_length" => "integer" }
    convert => { "remote_port" => "integer" }
    convert => { "ups_time" => "float" }
    convert => { "http_status" => "integer" }
    convert => { "request_length" => "integer" }
    convert => { "proxy_port" => "integer" }
    # The time nginx produces has the form 2021-06-29T12:00:00+08:00 and must become
    # 2021-06-29 12:00:00 so that to_date can format it in the SQL statement.
    # Remove +08:00 and the T in the middle. The match is a regular expression, so
    # the + sign has to be written as \+, otherwise an error is raised.
    gsub => ["request_time", "\+08:00", ""]
    gsub => ["request_time", "T", " "]
    gsub => ["User_Agent", "\"", ""]
  }
}
output {
  jdbc {
    # This is the JAR file, downloaded separately.
    driver_jar_path => "/data/plugins/ojdbc8.jar"
    # Oracle database connection parameters.
    connection_string => "jdbc:oracle:thin:username/password@id:1521/sid"
    # The INSERT statement. It uses to_date(?,'YYYY-MM-DD HH24:MI:SS') to format the
    # time; otherwise the time raises an error and the row is not written to the database.
    statement => [
      "INSERT INTO NGINX_LOGS(ID, SYSTEM_NAME, REMOTE_ADDR, REMOTE_PORT, REMOTE_USER, REQUEST, REQUEST_LENGTH, REQUEST_METHOD, REQUEST_TIME, REQUEST_URI, REQUEST_ARGS, HTTP_REFERER, HTTP_COOKIE, HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR, HTTP_HOST, HTTP_STATUS, PROXY_HOST, PROXY_PORT, SERVER_ADDR, SERVER_NAME, SERVER_PORT, UPS_TIME, UPS_STATUS, UPS_CONNECT_TIME, UPS_RESPONSE_LENGTH, UPS_SERVER, UPS_ADDR) VALUES(?,?,?,?,?,?,?,?,to_date(?,'YYYY-MM-DD HH24:MI:SS'),?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)",
      "id", "system_name", "remote_addr", "remote_port", "remote_user", "request",
      "request_length", "request_method", "request_time", "request_uri", "request_args",
      "http_referer", "http_cookie", "http_user_agent", "http_x_forwarded_for", "http_host",
      "http_status", "proxy_host", "proxy_port", "server_addr", "server_name", "server_port",
      "ups_time", "ups_status", "ups_connect_time", "ups_response_length", "ups_server", "ups_addr"
    ]
  }
  stdout {
    codec => json_lines
  }
}
```
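The filter above strips only the `+08:00` offset and converts fields such as `ups_status` to integer, so a pre-flight check on sample log lines is useful before wiring up the JDBC output. The following Python script is an added example, not code from the original post: it applies the same timestamp normalisation for any UTC offset, reports values that would not fit the `to_date()` and integer columns, and flags a non-empty `http_cookie`. The function names and the sample lines are assumptions made for this example.

```python
import json
from datetime import datetime

# Integer columns that the page's log_format actually emits (as JSON strings).
INT_FIELDS = ("remote_port", "server_port", "http_status", "request_length", "ups_status")
# Stored by the page's INSERT; cookies typically carry session tokens.
SENSITIVE_FIELDS = ("http_cookie",)

def normalize_time(value):
    """'2021-06-29T12:00:00+08:00' -> '2021-06-29 12:00:00' for any UTC offset."""
    # Keeps the wall-clock time and drops the offset, as the gsub rules do for +08:00.
    return datetime.fromisoformat(value).strftime("%Y-%m-%d %H:%M:%S")

def check_line(line):
    """Return (record, problems) for one JSON access-log line."""
    problems = []
    try:
        record = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg}"]
    try:
        record["request_time"] = normalize_time(str(record.get("request_time", "")))
    except ValueError:
        problems.append("request_time: not ISO 8601, to_date() would fail")
    for field in INT_FIELDS:
        raw = str(record.get(field, ""))
        if raw == "":
            record[field] = None  # missing or empty value -> SQL NULL
        elif raw.isascii() and raw.isdigit():
            record[field] = int(raw)
        else:
            # e.g. $upstream_status lists one status per upstream tried: "502, 200"
            problems.append(f"{field}: {raw!r} is not a single integer")
    for field in SENSITIVE_FIELDS:
        if record.get(field):
            problems.append(f"{field}: non-empty, would be stored in clear text")
    return record, problems

# Constructed sample lines (not from a real server); the last one is truncated.
SAMPLES = [
    '{"request_time":"2021-06-29T12:00:00+08:00","http_status":"200","ups_status":"200","http_cookie":""}',
    '{"request_time":"2021-06-29T04:00:00+00:00","http_status":"200","ups_status":"502, 200","http_cookie":"sid=constructed"}',
    '{"request_time":"2021-06-29T04:00:01+00:00","http_status":"200","ups_status":"" trunc',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_line(sample)[1])
```

Run it over a sample of real log lines; any line that reports a problem needs a matching rule in the Logstash filter before its row will insert cleanly.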