ELK: IIS logs --> logstash --> ElasticSearch
2016-03-28 15:24
NXLOG configuration
# Use the first line on 32-bit Windows, the second on 64-bit Windows.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Parser for the space-delimited IIS W3C log format.
# Fields must match, in order, the "#Fields:" header written by IIS.
<Extension w3c>
    Module xm_csv
    Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, integer, string, string, string, integer, integer, integer, integer
    Delimiter ' '
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

# Read the IIS log files, drop the "#" header lines, parse everything else.
<Input IIS_Logs>
    Module im_file
    File "C:\inetpub\logs\LogFiles\W3SVC18\u_ex*.log"
    SavePos TRUE
    Exec if $raw_event =~ /^#/ drop(); \
         else \
         { \
             w3c->parse_csv(); \
             $EventTime = parsedate($date + "T" + $time+"Z"); \
             $SourceName = "IIS"; \
         }
</Input>

# Send each event as JSON to the local Logstash TCP input.
<Output IIS_out>
    Module om_tcp
    Host 127.0.0.1
    Port 5545
    Exec to_json();
</Output>

<Route 2>
    Path IIS_Logs => IIS_out
</Route>
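Logstash configuration
input {
    # Receives the JSON events sent by the NXLog om_tcp output.
    # The tcp input listens on all interfaces ("0.0.0.0") by default; since NXLog
    # connects to 127.0.0.1 here, the listener can be limited with the host option.
    tcp {
        port => 5545
        type => "iis-input"
        codec => "json"
    }
}
output {
    if [type] == "iis-input" {
        # One index per day, e.g. logstash-iis-input-2016.03.28
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "logstash-%{type}-%{+YYYY.MM.dd}"
            document_type => "%{type}"
        }
    }
}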
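The xm_csv parser assigns values by position, so if the fields enabled in IIS logging differ from the Fields list above, values such as c-ip and sc-status land in the wrong keys. The following Python sketch is an added example, not part of the original post: it checks a log file's `#Fields:` header against that list and mirrors the Exec parsing logic. The sample header and log line are constructed, and the EventTime string format is an assumption, not NXLog's exact serialization.

```python
# Added example: mirrors the parsing done by the NXLog <Input IIS_Logs> block.
import json
from datetime import datetime, timezone

# Field names and integer fields copied from the Fields / FieldTypes directives.
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "csUser-Agent", "sc-status",
          "sc-substatus", "sc-win32-status", "time-taken"]
INT_FIELDS = {"s-port", "sc-status", "sc-substatus", "sc-win32-status", "time-taken"}


def header_mismatch(header_line):
    """Compare an IIS '#Fields:' header with FIELDS; return a list of differences."""
    logged = [f.replace("(", "").replace(")", "")
              for f in header_line[len("#Fields:"):].split()]
    problems = []
    if len(logged) != len(FIELDS):
        problems.append(f"IIS logs {len(logged)} fields, config expects {len(FIELDS)}")
    for pos, (got, want) in enumerate(zip(logged, FIELDS)):
        if got != want:
            problems.append(f"position {pos}: IIS has {got!r}, config has {want!r}")
    return problems


def parse_line(line):
    """Return the event dict for one log line, or None for '#' header lines."""
    if line.startswith("#"):
        return None  # same effect as drop() in the Exec block
    values = line.rstrip("\r\n").split(" ")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    event = {k: (int(v) if k in INT_FIELDS else v) for k, v in zip(FIELDS, values)}
    # IIS W3C logs record date/time in UTC, which is why the config appends "Z".
    stamp = datetime.strptime(event["date"] + "T" + event["time"], "%Y-%m-%dT%H:%M:%S")
    event["EventTime"] = stamp.replace(tzinfo=timezone.utc).isoformat()
    event["SourceName"] = "IIS"
    return event


# Constructed sample input (not taken from a real server).
SAMPLE_HEADER = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
                 "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
                 "sc-win32-status time-taken")
SAMPLE_LINE = ("2016-03-28 07:24:01 10.0.0.5 GET /default.aspx id=1 80 - "
               "192.0.2.10 Mozilla/5.0+(Windows+NT+6.1) 200 0 0 15")

if __name__ == "__main__":
    print(header_mismatch(SAMPLE_HEADER))
    print(json.dumps(parse_line(SAMPLE_LINE), indent=2))
```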