date: 2020-03-31
title: Configuring nginx logs in JSON format # title
tags: Configuring nginx logs in JSON format # tags
categories: nginx # category

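Many people record logs as plain text and then convert them to JSON with the grok plugin in a Logstash filter.

Here I describe another approach: have nginx write the log in JSON at the moment it records it, which makes the logs easy for Elasticsearch to search.
The nginx log format is configured as follows: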

```nginx
[root@nginx logs]# cat ../conf/nginx.conf # view the configuration file
# escape=json (nginx 1.11.8+) escapes quotes and backslashes in request-supplied
# fields (agent, referer, xff, url) so every line stays valid JSON
log_format log_json escape=json '{"@timestamp":"$time_local",'
    '"host": "$server_addr",'
    '"clientip": "$remote_addr",'
    '"size": $body_bytes_sent,'
    '"responsetime": $request_time,'
    '"upstreamtime": "$upstream_response_time",'
    '"upstreamhost": "$upstream_addr",'
    '"http_host": "$host",'
    '"url": "$uri",'
    '"xff": "$http_x_forwarded_for",'
    '"referer": "$http_referer",'
    '"agent": "$http_user_agent",'
    '"status": "$status"}';
access_log logs/access.log log_json;
```

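All of the variables used above are nginx built-in variables. For their meanings, see the blog post: nginx built-in predefined variables

The resulting log entries look like this: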

```json
{"@timestamp":"31/Mar/2020:12:10:23 +0800","host": "192.168.20.2","clientip": "192.168.20.88","size": 82896,"responsetime": 0.006,"upstreamtime": "0.006","upstreamhost": "192.168.20.3:80","http_host": "192.168.20.2","url": "/img/header-background.png","xff": "-","referer": "http://192.168.20.2/","agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","status": "200"}
```
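
The `escape` parameter of `log_format` decides whether request-supplied fields such as `agent`, `referer` or `xff` leave each line parseable as JSON. The following is an added example, not part of the original post: a Python simulation of nginx's `escape=default` and `escape=json` modes applied to a User-Agent that contains a quote and a backslash. The escaping rules are re-implemented from the nginx documentation as an approximation, and the trimmed template, helper names and sample values are constructed for illustration.

```python
import json

# Trimmed version of the page's log_format (three fields only, constructed for the demo).
TEMPLATE = '{{"clientip": "{clientip}","agent": "{agent}","status": "{status}"}}'

# Constructed sample: a User-Agent containing a double quote and a backslash.
SAMPLE_AGENT = 'Mozilla/5.0 "test" C:\\client'


def escape_default(value: str) -> str:
    """Approximate escape=default: '"', '\\' and bytes <32 or >126 become \\xXX."""
    out = []
    for b in value.encode("utf-8"):
        if b in (0x22, 0x5C) or b < 32 or b > 126:
            out.append("\\x%02X" % b)   # \xXX is not a legal JSON escape
        else:
            out.append(chr(b))
    return "".join(out)


def escape_json(value: str) -> str:
    """Approximate escape=json: only escapes that are legal inside a JSON string."""
    short = {'"': '\\"', "\\": "\\\\", "\n": "\\n", "\r": "\\r",
             "\t": "\\t", "\b": "\\b", "\f": "\\f"}
    return "".join(
        short.get(c) or ("\\u%04X" % ord(c) if ord(c) < 32 else c) for c in value
    )


def render(escape, **fields) -> str:
    """Fill the template the way nginx would, escaping every variable value."""
    return TEMPLATE.format(**{k: escape(v) for k, v in fields.items()})


def parse(line: str):
    """Return the decoded event, or None when the line is not valid JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


if __name__ == "__main__":
    for name, esc in (("default", escape_default), ("json", escape_json)):
        line = render(esc, clientip="192.0.2.10", agent=SAMPLE_AGENT, status="200")
        print(f"escape={name}: {line}")
        print("  parsed:", parse(line))
```

A line that fails to parse is typically dropped or tagged as a failure by the JSON codec in the shipping pipeline, so requests carrying such characters would be missing from Elasticsearch searches.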