More than 3 years have passed since last update.

Elastic Filebeat(7.16.3)で Apache HTTP Server の Response Time を取得する方法

Last updated at 2022-02-07Posted at 2022-02-07

FilebeatでApacheのCombined形式ログにResponse Timeを付与したログ形式を取得する方法

1.Apache HTTP Serverのログの形式combinedを修正する

$APACHE_HOME/conf/httpd.conf

# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
↓ %Dを追加して、Apacheのcombinedのログの形式の最後にレスポンスタイムを追加する
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined

2.Filebeatのfields.ymlを修正する

response_timeをフィールドに追加する

/etc/filebeat/fields.yml

 10481             - name: response_code
 10482               type: alias
 10483               path: http.response.status_code
 10484               migration: true
# ↓response_timeを追加
 10485             - name: response_time
 10486               type: alias
 10487               path: apache2.access.response_time
 10488               migration: true
# ↑response_timeを追加
 10489             - name: referrer
 10490               type: alias
 10491               path: http.request.referrer

3.Apacheのモジュールを有効化

filebeat

# filebeat modules enable apache

4.FilebeatのApacheのモジュールのpipeline.ymlを修正する

16と20行目の最後に「( %{NUMBER:apache2.access.response_time:long})?」を追加する

/usr/share/filebeat/module/apache/access/ingest/pipeline.yml

 12     patterns:
 13     - '%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \[%{HTTPDATE:apache.access.time}\]
 14       "(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?"
 15       %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)(
 16       "%{DATA:http.request.referrer}")?( "%{DATA:user_agent.original}")?( %{NUMBER:apache2.access.response_time:long})?'
 17     - '%{IPORHOST:source.address} - %{DATA:user.name} \[%{HTTPDATE:apache.access.time}\]
 18       "(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?"
 19       %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)(
 20       "%{DATA:http.request.referrer}")?( "%{DATA:user_agent.original}")?( %{NUMBER:apache2.access.response_time:long})?'

5.Apacheのログの場所を指定

/etc/filebeat/modules.d/apache.yml

- module: apache
  # Access logs
  access:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["$APACHE_LOG_HOME/access_log**"]

  # Error logs
  error:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["$APACHE_LOG_HOME/error_log**"]

6.Filebeat起動

# systemctl enable filebeat.service
# systemctl start filebeat.service

参考文献

FilebeatでApacheアクセスログの取り込み(レスポンスタイムフィールド追加)

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up