root@elk:/home/ubuntu# /etc/init.d/nginx start
[ ok ] Starting nginx (via systemctl): nginx.service.
root@elk:/home/ubuntu# /etc/init.d/nginx status
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-09-30 11:40:59 CST; 1min 8s ago
Main PID: 4320 (nginx)
CGroup: /system.slice/nginx.service
├─4320 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─4321 nginx: worker process
└─4322 nginx: worker process
Sep 30 11:40:59 elk systemd[1]: Starting A high performance web server and a reverse pro...r...
Sep 30 11:40:59 elk systemd[1]: Started A high performance web server and a reverse prox...ver.
Sep 30 11:42:06 elk systemd[1]: Started A high performance web server and a reverse prox...ver.
Hint: Some lines were ellipsized, use -l to show in full.
For testing purposes, change the port to 88: edit the file /etc/nginx/sites-available/default and restart the Nginx service:
server {
    listen 88 default_server;
    listen [::]:88 default_server;
    # ... the remaining directives of the default server block are unchanged
}
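Because this server has no public IP, set up a port forwarding rule on its router so that the Nginx service running on it can be reached through port 88 of the router's EIP:
Testing in a browser shows that Nginx is available:
1.2.2 Installing and configuring Logstash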
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.tar.gz
tar zxvf logstash-5.2.2.tar.gz
ln -s logstash-5.2.2 logstash
Create the file nginxlog2es.conf with the following content. It sends the logs in the Nginx log file /var/log/nginx/access.log_json to the ES server 192.168.10.102:9200:
{"@timestamp":"2017-09-30T12:44:19+08:00","host":"192.168.10.104","clientip":"140.206.84.10","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"120.132.124.103","url":"/index.nginx-debian.html","xff":"-","referer":"-","agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36","status":"304"}
Start Logstash,