graylog syslog udp nginx accesslog
etc/graylog
Updated
•1 min read
- Graylog
Add INPUT - Syslog UDP, Global, Port
Add Listen Port on Graylog Server
- nginx
{
........
log_format graylog escape=json '{ "version": "1.1", '
'"host": "$host", '
'"short_message": "$request", '
'"timestamp": "$time_iso8601", '
'"level": 6, '
'"_request_user_agent": "$http_user_agent", '
'"_request_ip_address": "$remote_addr", '
'"_request_total_bytes": $body_bytes_sent, '
'"_request_method": "$request_method", '
'"_request_path": "$request", '
'"_request_query_string": "$args", '
'"_process_time_ms": $request_time, '
'"_response_status": $status, '
'"_upstream_cache_status": "$upstream_cache_status", '
'"_upstream_addr": "$upstream_addr", '
'"_http_x_forwarded_for": "$http_x_forwarded_for", '
'"_http_referer": "$http_referer", '
'"_web_server": "NGINX" }';
access_log syslog:server=<graylog-input>:<graylog-port> graylog;
error_log syslog:server=<graylog-input>:<graylog-port>;
........
}
- note
Due to encoding error, recommend separation of existing input and port.
