Closed: gravis closed this 8 years ago
We apply a content-pack to all Graylog appliances. This ships with two inputs, a dashboard and a couple of extractor rules (that's the reason for the static fields). At the same time we ingest all appliance logs from services like Nginx or Elasticsearch via GELF to Graylog, so that a new user doesn't find an empty system and has no idea where to start.
"a new user doesn't find an empty system and has no idea where to start."
I like the idea, but why leave the fields from_nginx: true and nginx_access: true? Wouldn't it be better to have a "vanilla" GELF input instead? (which is pretty much the idea with the syslog input).
I agree this image must be ready to use, it's just these 2 static fields I find confusing.
thanks
They are used by the stream rules and extractors.
oh, good catch :) thanks
Hi,
I'm wondering why the docker image is shipping with 2 inputs:
from_nginx: true and nginx_access: true
from_syslog: true
I understand the Syslog UDP input, but why appliance-gelf-udp?? Also, it seems to come from the nginx content pack, without the error_log input, and the port is different (12301 in the pack, 12201 here). It's confusing, and error-prone.
The appliance-gelf-udp shouldn't have the 2 static fields, right?