• Configuring the GeoIP library in Nginx, or writing logs to ES directly by modifying Logstash


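    GitHub: https://github.com/TravelEngineers/ngx_http_geoip2_module

    I. Downloading the DB files

    First register an account: https://dev.maxmind.com/geoip/geoip2/geolite2/

    Manually open the download page: https://www.maxmind.com/en/accounts/455551/geoip/downloads   # 455551 is the user ID

    Generate a License Key of your own

    Then configure it on your own system

    # vim /etc/GeoIP.conf

    # geoipupdate

    Running geoipupdate automatically downloads or updates the mmdb files in the /usr/share/GeoIP folder

    II. Referencing GeoIP variables in the Nginx configuration

    First install the dependency of ngx_http_geoip2_module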

    wget https://github.com/maxmind/libmaxminddb/releases/download/1.3.2/libmaxminddb-1.3.2.tar.gz
    tar -xvf libmaxminddb-1.3.2.tar.gz
    cd libmaxminddb-1.3.2
    ./configure
    make && make install
    echo "/usr/local/lib" >> /etc/ld.so.conf
    ldconfig

    Then recompile and install nginx with support for the GeoIP module

    ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_realip_module --with-http_v2_module --add-module=/root/ngx_http_geoip2_module

    nginx.conf:

        log_format main escape=json '{"remote_addr":"$remote_addr",'
            '"timestamp":"$time_local",'
            '"country":"$geoip2_data_country_name",'
            '"city":"$geoip2_city_name",'
            '"method":"$request_method",'
            '"request":"$uri",'
            '"requestParam":"$query_string",'
            '"status":"$status",'
            '"referrer":"$http_referer",'
            '"agent":"$http_user_agent",'
            '"elapsed":"$request_time",'
            '"serverelapsed":"$upstream_response_time"}';
    
        geoip2 /usr/local/nginx/conf/GeoLite2-Country.mmdb {
            auto_reload 5m;
            $geoip2_metadata_country_build metadata build_epoch;
            $geoip2_data_country_code default=US country iso_code;
            $geoip2_data_country_name country names en;
        }
    
        geoip2 /usr/local/nginx/conf/GeoLite2-City.mmdb {
             $geoip2_city_name default=BeiJing city names en;
             $geoip2_continent_code continent code;
        }

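    Alternatively, modify Logstash to use the geoip plugin to customize the log content sent to ES, and display it in Grafana through Kibana's Worldmap Panel Plugin

    Project links:

    https://github.com/grafana/worldmap-panel

    https://grafana.com/grafana/plugins/grafana-worldmap-panel

    1. Install the plugin: grafana-cli plugins install grafana-worldmap-panel

    2. Specify the log format in the Nginx configuration file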

        log_format main escape=json
            '{"client_ip":"$remote_addr",'
            '"timestamp":"$time_local",'
            '"method":"$request_method",'
            '"request":"$uri",'
            '"requestParam":"$query_string",'
            '"status":"$status",'
            '"referrer":"$http_referer",'
            '"agent":"$http_user_agent",'
            '"elapsed":"$request_time",'
            '"serverelapsed":"$upstream_response_time"'
        '}';

    3. Logstash configuration file

    input {
        file {
          path => "/usr/local/nginx/logs/adg-access.log"
          codec => json
          type => "adg-nginx"
        }
    }

    filter {
        # Look up the client address and keep only the geoip fields that are needed
        geoip {
          source => "client_ip"
          target => "geoip"
          database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
          remove_field => [ "[geoip][timezone]","[geoip][country_code3]","[geoip][region_code]","[geoip][city_name]","[geoip][ip]","[geoip][region_name]","[geoip][continent_code]","[geoip][longitude]","[geoip][latitude]" ]
        }
        # Parse the nginx timestamp into @timestamp before mutate removes the field
        date {
          match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
        }
        mutate {
          convert => [ "elapsed", "float" ]
          convert => [ "serverelapsed", "float" ]
          convert => [ "status", "integer" ]
          #convert => [ "[geoip][coordinates]", "float" ]
          remove_field => [ "messages","timestamp","@version","host","path" ]
        }
    }

    output {
        if [type] == "adg-nginx" {
          elasticsearch {
            hosts => ["192.168.0.7:9200", "192.168.0.17:9200", "192.168.0.9:9200"]
            index => "nginx-my-adg-kr.%{+YYYY-MM-dd}"
          }
        }
    }
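
    Added example (not from the original post): a Python check that applies the same typing as the filter above to lines in the step 2 log_format, so malformed lines and `serverelapsed` values that are not a single number are caught before shipping. The sample lines, the function names and the choice to sum several upstream times are assumptions made for illustration.

```python
import json
from datetime import datetime

TIME_LOCAL = "%d/%b/%Y:%H:%M:%S %z"  # same layout as "dd/MMM/yyyy:HH:mm:ss Z"
REQUIRED = {"client_ip", "timestamp", "status", "elapsed", "serverelapsed"}

def upstream_seconds(raw):
    """Sum $upstream_response_time; it is empty or "-" when no upstream
    answered and "a, b" (or "a : b") when several upstreams were tried."""
    parts = [p.strip() for p in raw.replace(":", ",").split(",")]
    values = [float(p) for p in parts if p and p != "-"]
    return sum(values) if values else None

def normalize(line):
    """Return the typed event or raise ValueError describing the problem."""
    event = json.loads(line)  # JSONDecodeError is a ValueError subclass
    if not isinstance(event, dict):
        raise ValueError("not a JSON object")
    missing = REQUIRED - event.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    event["@timestamp"] = datetime.strptime(event.pop("timestamp"), TIME_LOCAL)
    event["status"] = int(event["status"])
    event["elapsed"] = float(event["elapsed"])
    event["serverelapsed"] = upstream_seconds(event["serverelapsed"])
    return event

def check(lines):
    """Return (events, errors); errors are (line_number, reason) pairs."""
    events, errors = [], []
    for number, line in enumerate(lines, 1):
        try:
            events.append(normalize(line))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return events, errors

def sample_line(**overrides):
    """Build one constructed log line in the step 2 log_format."""
    fields = {"client_ip": "203.0.113.7", "timestamp": "07/Dec/2020:10:15:30 +0800",
              "method": "GET", "request": "/", "requestParam": "", "status": "200",
              "referrer": "", "agent": "curl/7.61.1", "elapsed": "0.004",
              "serverelapsed": "0.003"}
    return json.dumps({**fields, **overrides})

SAMPLE = [sample_line(), sample_line(serverelapsed="-", status="304"),
          sample_line(serverelapsed="0.002, 0.010"), sample_line(status="abc"),
          sample_line()[:40]]  # last entry simulates a truncated write

if __name__ == "__main__":
    events, errors = check(SAMPLE)
    print(len(events), "valid;", "rejected:", errors)
```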

    References: https://www.ucloud.cn/yun/90596.html

                https://grafana.com/grafana/dashboards/11190

  • Original article: https://www.cnblogs.com/wjoyxt/p/14087434.html