Graylog2 / graylog2-images

Ready to run machine images
Apache License 2.0

Weird default inputs #119

Closed gravis closed 8 years ago

gravis commented 8 years ago

Hi,

I'm wondering why the Docker image is shipping with 2 inputs:

I understand the Syslog UDP input, but why appliance-gelf-udp? Also, it seems to come from the nginx content pack, without the error_log input, and the port is different (12301 in the pack, 12201 here). It's confusing and error-prone.

The appliance-gelf-udp shouldn't have the 2 static fields, right?

mariussturm commented 8 years ago

We apply a content pack to all Graylog appliances. This ships with two inputs, a dashboard and a couple of extractor rules (that's the reason for the static fields). At the same time we ingest all appliance logs from services like Nginx or Elasticsearch via GELF to Graylog, so that a new user doesn't find an empty system and has no idea where to start.

gravis commented 8 years ago

"a new user doesn't find an empty system and has no idea where to start." I like the idea, but why leave the fields from_nginx: true and nginx_access: true? Wouldn't it be better to have a "vanilla" GELF input instead? (which is pretty much the idea with the syslog input). I agree this image must be ready to use, it's just these 2 static fields I find confusing. Thanks

mariussturm commented 8 years ago

They are used by the stream rules and extractors.

gravis commented 8 years ago

Oh, good catch :) Thanks