nginx 日志改为json格式

nginx 日志改为json格式


场景描述

正常使用nginx时,使用默认的日志输出格式,对于后续日志接入其他第三方日志收集、清洗环节,因分隔符问题可能不是很友好。

复制代码
xxxx - - [19/Feb/2024:11:16:48 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
xxxx - - [19/Feb/2024:11:16:49 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
xxxx - - [19/Feb/2024:11:16:50 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
xxxx - - [19/Feb/2024:11:16:51 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
xxxx - - [19/Feb/2024:11:16:52 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
xxxx - - [19/Feb/2024:11:16:53 +0800] "GET /time_feed HTTP/1.1" 200 42 "http://sre-support.xxxx-inc.top/back" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"

nginx同时支持将日志输出为json格式,修改较小,下面为效果。

效果

复制代码
{"@timestamp":"2024-02-19T11:23:09+08:00","server_addr":"10.0.0.251","remote_addr":"xxxx","host":"sre-support.xxxx-inc.top","uri":"/time_feed","body_bytes_sent":42,"upstream_response_time":0.000,"request":"GET /time_feed HTTP/1.1","request_length":349,"request_time":0.001,"status":"200","http_referer":"http://sre-support.xxxx-inc.top/max_data","http_x_forwarded_for":"","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"}
{"@timestamp":"2024-02-19T11:23:10+08:00","server_addr":"10.0.0.251","remote_addr":"xxxx","host":"sre-support.xxxx-inc.top","uri":"/time_feed","body_bytes_sent":42,"upstream_response_time":0.001,"request":"GET /time_feed HTTP/1.1","request_length":349,"request_time":0.001,"status":"200","http_referer":"http://sre-support.xxxx-inc.top/max_data","http_x_forwarded_for":"","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"}
{"@timestamp":"2024-02-19T11:23:11+08:00","server_addr":"10.0.0.251","remote_addr":"xxxx","host":"sre-support.xxxx-inc.top","uri":"/time_feed","body_bytes_sent":42,"upstream_response_time":0.000,"request":"GET /time_feed HTTP/1.1","request_length":349,"request_time":0.001,"status":"200","http_referer":"http://sre-support.xxxx-inc.top/max_data","http_x_forwarded_for":"","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"}
{"@timestamp":"2024-02-19T11:23:12+08:00","server_addr":"10.0.0.251","remote_addr":"xxxx","host":"sre-support.xxxx-inc.top","uri":"/time_feed","body_bytes_sent":42,"upstream_response_time":0.000,"request":"GET /time_feed HTTP/1.1","request_length":349,"request_time":0.001,"status":"200","http_referer":"http://sre-support.xxxx-inc.top/max_data","http_x_forwarded_for":"","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"}
{"@timestamp":"2024-02-19T11:23:13+08:00","server_addr":"10.0.0.251","remote_addr":"xxxx","host":"sre-support.xxxx-inc.top","uri":"/time_feed","body_bytes_sent":42,"upstream_response_time":0.000,"request":"GET /time_feed HTTP/1.1","request_length":349,"request_time":0.001,"status":"200","http_referer":"http://sre-support.xxxx-inc.top/max_data","http_x_forwarded_for":"","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"}

变更

旧样式

nginx一般默认会打开日志格式化格式,我这里为默认的格式,可能有的同学使用的是自定义格式,但是都是用" - " 分割的。

样式为:

新样式

因本身nginx支持json格式日志输出,下面为我使用的示例,我这里增加了获取源站响应时间upstream_response_timer,所以下面先增加了upstream_response_timer取值方式。

下面的log_format展示了当前获取的字段,各位可根据自己需求进行自定义。

复制代码
http {
        map $upstream_response_time $upstream_response_timer {
        default $upstream_response_time;
        ""        0;
    }
    log_format log_json escape=json '{"@timestamp":"$time_iso8601",'
                '"server_addr":"$server_addr",'
                '"remote_addr":"$remote_addr",'
                '"host":"$host",'
                '"uri":"$uri",'
                '"body_bytes_sent":$body_bytes_sent,'
                '"upstream_response_time":$upstream_response_timer,'
                '"request":"$request",'
                '"request_length":$request_length,'
                '"request_time":$request_time,'
                '"status":"$status",'
                '"http_referer":"$http_referer",'
                '"http_x_forwarded_for":"$http_x_forwarded_for",'
                '"http_user_agent":"$http_user_agent"'
                '}';
        access_log  /var/log/nginx/access.log  log_json;
        error_log /var/log/nginx/error.log error;
        ........
}

样式为:

相关推荐
斯是 陋室8 小时前
在CentOS7.9服务器上安装.NET 8.0 SDK
运维·服务器·开发语言·c++·c#·云计算·.net
云资源服务商11 小时前
探索阿里云DMS:解锁高效数据管理新姿势
数据库·阿里云·oracle·云计算
guganly11 小时前
H3C防火墙基于VRF和路由复制实现AWS DX多租户隔离配置手册
网络·云计算·aws
stoneSkySpace12 小时前
set、map 比数组,json 对象的性能更好原因分析
json
蔡不菜和他的uU们13 小时前
LAMP迁移LNMP Nginx多站点配置全流程
运维·nginx
一眼万年0413 小时前
Nginx Master-Worker 进程间的共享内存是怎么做到通用还高效的?
后端·nginx·面试
用户697793063425314 小时前
什么?2025年了发版后还要手动清浏览器缓存?
前端·nginx
来自于狂人15 小时前
Docker-Beta?ollama的完美替代品
运维·人工智能·docker·容器·云计算
Jiude16 小时前
如何使用 Certbot 为域名配置永久免费的 HTTPS 证书
后端·nginx·https
阿里云云原生17 小时前
阿里云可观测 2025 年 3 月产品动态
阿里云·云计算