graylog-contentpack-nginx icon indicating copy to clipboard operation
graylog-contentpack-nginx copied to clipboard

Published 20 hours ago verified publisher icon graylog-labs

How to get multiple Virtual Host Logs?

Open eligiable opened this issue 7 years ago • 7 comments
trafficstars

We have lots of subdomains hosted on a single server, and all of the virtual hosts have their separate logs under /var/log/nginx. I'm not able to find a way to get these logs on the screen.

Nginx default access and error logs are only displaying on the interface.

eligiable avatar Mar 05 '18 13:03 eligiable

What do you mean by saying "on screen" or "on interface"?

mordekasg avatar Mar 14 '18 20:03 mordekasg

@mordekasg referring to the screen/interface means in the search results. I'm not able to send app/custom logs to graylog2.

eligiable avatar Mar 15 '18 05:03 eligiable

You need to change nginx.conf on line starting with: log_format graylog2_format, so nginx will send custom fields to graylog.

Also you need to add extractor in Graylog (Inputs -> nginx -> Manage extractors) for your new fields in order to see them on search results.

What exactly do you want to add?

mordekasg avatar Mar 15 '18 07:03 mordekasg

@mordekasg I've multiple virtual hosts under nginx, and each host has its own error and access log, which I need to send to graylog.

eligiable avatar Mar 16 '18 19:03 eligiable

@eligiable You need to configure your logs in vhosts: error_log syslog:server=graylog.example.com:12302; access_log syslog:server=graylog.example.com:12301 graylog2_format;

It`s the same configuration which you should have in your nginx.conf fiile.

mordekasg avatar Mar 19 '18 16:03 mordekasg

@eligiable Any update?

mordekasg avatar Mar 22 '18 07:03 mordekasg

@mordekasg Thank you for your help, I moved from Graylog to ELK, its easy and working fine using beats.

eligiable avatar Mar 22 '18 08:03 eligiable