我目前有filebeat读取nginx日志并将它们推送到logstash,我试图通过查看URI上下文根来确定日志来自哪个应用程序(不确定这是否是正确的方法),但是问题是没有上下文根的时候。Logstash 将在主机之后立即解析该值。
这是我的 nginx 配置。
server {
listen 443;
server_name MyServer.com;
access_log /var/log/nginx/access_dev.log main if=$loggable;
error_log /var/log/nginx/error_dev.log;
ssl on;
ssl_certificate ssl/bundle.pem;
ssl_certificate_key ssl/wildcard.key;
ssl_session_timeout 5m;
proxy_ssl_verify off;
ssl_protocols TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!aNULL;
ssl_prefer_server_ciphers on;
add_header X-Forwarded-For $host;
add_header X-Forwarded-Proto $scheme;
add_header Host $host;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header Host $host;
proxy_pass https://app01.domain.local:443/;
}
location /applicationOne {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header Host $host;
proxy_read_timeout 120s;
proxy_pass https://app02.domain.local:443;
}
}
是否可以将变量添加到特定位置并说出应用程序名称是什么?所以对于位置/我会添加让我们说“门户”,然后在 nginx 日志中它会在最后记录“门户”?
这是我当前的 nginx.conf
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" --
$sent_http_x_username';
map $request_uri $loggable {
default 1;
~*\.(ico|css|js|gif|jpg|jpeg|png|svg|woff|woff2|ttf|eot)$ 0;
}
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
我在日志末尾使用 Portal 要求的示例。
198.143.37.12 - - [31/Jul/2019:10:44:13 -0400]“GET /nosession HTTP/1.1”200 3890“-”“Safari/14607.2.6.1.1 CFNetwork/978.0.7 Darwin/18.6。 0 (x86_64)" "199.83.71.22" "传送门"
如果这是不可能的,还有其他关于如何解决这个问题的想法吗?