Log format:

LogFormat "%{clientip}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{clientip}i.%{cookie}n\"" combined

Log instance:

183.60.150.34 - - [23/Jun/2017:17:57:52 +0800] "GET /jump/cps.jsp?projectcode=0085001&cid=a200647189%7c%7c0000&url=http%3a%2f%2fwww.mangocity.com HTTP/1.1" 302 - "http://myhenan.qq.com/T-7947749-1.htm" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.108 Safari/537.36 2345Explorer/8.6.1.15524" "183.60.150.34.10.10.130.100.1498211872045986"

Logstash configuration file:

input {
  # One file input per virtual host; each reads the same log from two Apache nodes.
  file {
    type => "www_access"
    path => ["/usr/local/elk/elklog/apachelog/log0/www.mangocity.com-access_log", "/usr/local/elk/elklog/apachelog/log1/www.mangocity.com-access_log"]
  }
  file {
    type => "ro_access"
    path => ["/usr/local/elk/elklog/apachelog/log0/ro.mangocity.com-access_log", "/usr/local/elk/elklog/apachelog/log1/ro.mangocity.com-access_log"]
  }
}
filter {
  grok {
    # Single-quoted so the literal double quotes need no escaping.
    # The pattern stops at the user agent; the trailing "clientip.cookie" field is left unparsed.
    match => { "message" => '(%{USER:clientip}|%{IPORHOST:clientip}|%{IPORHOST:clientip}, %{IPORHOST}) %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}' }
  }
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    locale => en
  }
  # clientip is taken from the "clientip" request header (%{clientip}i), not from the TCP peer address.
  geoip {
    source => "clientip"
  }
  useragent {
    source => "agent"
    target => "useragent"
  }
}
output {
  redis {
    host => "10.10.45.200"
    data_type => "list"
    key => "elk_frontend_access:redis"
    port => "5379"
  }
}
Apache access log Logstash configuration file, instance 1
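To check what the filter above extracts before shipping events to Redis, the following added example (not part of the original page) applies an approximate Python regex equivalent of the grok pattern to the log instance. It also captures the trailing field the grok pattern ignores and flags a first field that is not a valid IP address, which matters because that field comes from a request header and feeds geoip. The names `tracking` and `clientip_valid` are hypothetical, and `NO_HEADER` is a constructed line.

```python
import ipaddress
import re
from datetime import datetime

# Approximate regex equivalent of the grok pattern, plus one optional group for
# the trailing "%{clientip}i.%{cookie}n" field that the grok pattern ignores.
LINE_RE = re.compile(
    r'(?P<clientip>[^\s,]+)(?:, \S+)? (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\w+) (?P<request>.*?) HTTP/(?P<httpversion>[\d.]+)" '
    r'(?P<response>\d{3}) (?:-|(?P<bytes>\d+)) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"(?: "(?P<tracking>[^"]*)")?'
)

# The log instance from this page.
SAMPLE = (
    '183.60.150.34 - - [23/Jun/2017:17:57:52 +0800] '
    '"GET /jump/cps.jsp?projectcode=0085001&cid=a200647189%7c%7c0000'
    '&url=http%3a%2f%2fwww.mangocity.com HTTP/1.1" 302 - '
    '"http://myhenan.qq.com/T-7947749-1.htm" '
    '"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/47.0.2526.108 Safari/537.36 2345Explorer/8.6.1.15524" '
    '"183.60.150.34.10.10.130.100.1498211872045986"'
)
# Constructed line: the request carried no clientip header, so Apache logged "-".
NO_HEADER = ('- - - [23/Jun/2017:17:58:01 +0800] "GET / HTTP/1.1" 200 512 '
             '"-" "curl/7.50.0" "-.-"')

def parse_line(line):
    """Return the extracted fields, or None where grok would fail to match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["response"] = int(ev["response"])
    ev["bytes"] = int(ev["bytes"]) if ev["bytes"] else None
    ev["timestamp"] = datetime.strptime(ev["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    # Only values that parse as an IP address are worth passing to geoip.
    try:
        ipaddress.ip_address(ev["clientip"])
        ev["clientip_valid"] = True
    except ValueError:
        ev["clientip_valid"] = False
    return ev
```
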