Sample Logstash NGINX config log parser
CONTENTS:
- nginx.conf
Configuration file which defines the log format, and also applies the format to the nginx access.log - logstash.conf
Configuration file which defines the logstash input file (nginx/access.log), and is set to output to stdout to test this simple setup. - access.log
Example log file to take as input for logstash. This logs requests made to the nginx server setup on http://localhost:80
ENVIRONMENT SETUP:
This setup was done with both nginx and logstash running locally.
nginx.conf located in /etc/nginx/
logstash.conf located in /etc/logstash/
access.log located in /var/log/nginx/
To test, make sure nginx and logstash are running with the following commands
Nginx:
sudo systemctl start nginx
sudo ufw allow 'Nginx HTTP'
systemctl status nginx
Logstash:
/opt/logstash/bin/logstash -f /etc/logstash/logstash.conf
Once logstash is running, and the nginx server is up locally, we can make get requests to the page http://localhost:80, which should create a log entry in access.log, and we can see the printed output to stdout