graylog-labs / graylog-contentpack-nginx

A nginx content pack for Graylog
Apache License 2.0

How to get multiple Virtual Host Logs? #12

Open eligiable opened 6 years ago

eligiable commented 6 years ago

We have lots of subdomains hosted on a single server, and all of the virtual hosts have their separate logs under /var/log/nginx. I'm not able to find a way to get these logs on the screen.

Nginx default access and error logs are only displaying on the interface.

mordekasg commented 6 years ago

What do you mean by saying "on screen" or "on interface"?

eligiable commented 6 years ago

@mordekasg referring to the screen/interface means in the search results. I'm not able to send app/custom logs to graylog2.

mordekasg commented 6 years ago

You need to change nginx.conf on the line starting with: log_format graylog2_format, so nginx will send custom fields to Graylog.

Also, you need to add an extractor in Graylog (Inputs -> nginx -> Manage extractors) for your new fields in order to see them in the search results.

What exactly do you want to add?

eligiable commented 6 years ago

@mordekasg I've multiple virtual hosts under nginx, and each host has its own error and access log, which I need to send to graylog.

mordekasg commented 6 years ago

@eligiable You need to configure your logs in vhosts:

    error_log syslog:server=graylog.example.com:12302;
    access_log syslog:server=graylog.example.com:12301 graylog2_format;

It's the same configuration which you should have in your nginx.conf file.
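The per-vhost setup described in the comment above, as an added example that is not part of the original thread or of the content pack. The server names, roots and file paths are constructed placeholders, and the file assumes `graylog2_format` is already defined in the `http` context of nginx.conf, as the thread states.

```nginx
# Constructed vhost file, e.g. included from the http block of nginx.conf.
# Assumption: "log_format graylog2_format ..." is already defined once in
# nginx.conf (http context); it is not repeated here.

server {
    listen 80;
    server_name app1.example.com;          # placeholder vhost
    root /var/www/app1;                    # placeholder path

    # access_log/error_log declared at server level replace whatever was
    # set at http level; they are not merged with it. A vhost that only
    # names its own log files therefore stops shipping to Graylog.
    # Listing both targets keeps the local file and the syslog stream.
    access_log /var/log/nginx/app1.access.log;
    access_log syslog:server=graylog.example.com:12301 graylog2_format;

    error_log  /var/log/nginx/app1.error.log;
    error_log  syslog:server=graylog.example.com:12302;
}

server {
    listen 80;
    server_name app2.example.com;          # placeholder vhost
    root /var/www/app2;                    # placeholder path

    # Same pair of syslog targets as above; only the local files differ.
    access_log /var/log/nginx/app2.access.log;
    access_log syslog:server=graylog.example.com:12301 graylog2_format;

    error_log  /var/log/nginx/app2.error.log;
    error_log  syslog:server=graylog.example.com:12302;
}
```

Run `nginx -t` before reloading so a missing `graylog2_format` definition is reported as a configuration error rather than discovered after the reload.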

mordekasg commented 6 years ago

@eligiable Any update?

eligiable commented 6 years ago

@mordekasg Thank you for your help. I moved from Graylog to ELK; it's easy and working fine using beats.