背景
nginx 默认输出acces日志格式是message格式。现在都做日志统一分析ELK了,message格式就不是很适用了。 所以输出json格式就应用而生了。
修改 nginx.conf 配置文件, 注释掉之前 log_format 重新写一个 json格式的log_format
log_format main '{"@timestamp":"$time_iso8601",'
'"@source":"$server_addr",'
'"hostname":"$hostname",'
'"remote_user":"$remote_user",'
'"ip":"$http_x_forwarded_for",'
'"client":"$remote_addr",'
'"request_method":"$request_method",'
'"scheme":"$scheme",'
'"domain":"$server_name",'
'"referer":"$http_referer",'
'"request":"$request_uri",'
'"requesturl":"$request",'
'"args":"$args",'
'"size":$body_bytes_sent,'
'"status": $status,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamaddr":"$upstream_addr",'
'"http_user_agent":"$http_user_agent",'
'"http_cookie":"$http_cookie",'
'"https":"$https"'
'}';
access_log /var/log/nginx/access.log main;
重新加载nginx,access日志就是json格式了
日志输出结果如下:
{"@timestamp":"2022-03-04T10:15:01+08:00","@source":"172.24.215.134","hostname":"bfdaitidv01","remote_user":"-","ip":"-","client":"10.24.42.162","request_method":"GET","scheme":"http","domain":"localhost","referer":"-","request":"/echo","requesturl":"GET /echo HTTP/1.1","args":"-","size":421,"status": 200,"responsetime":0.000,"upstreamtime":"-","upstreamaddr":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36","http_cookie":"theme_cookie=dark-theme; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6Ijc3NDJmMTJiLTI1NjgtNDkyNC05NzYwLTE0MTc4NTkyMjE3YyJ9._nrIszd6ZRjiVjGXSQqra-9i1qbEfNFTBWfv-YQUQEaGzayC5HheGvSWGEuXU8T0uT6CkLWxReLWyQnvoJnEew","https":""}
参考资料:
ngx_http_log_module