Graylog Dashboard for Nginx Logs

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.2.0-x86_64.rpm
rpm -ivh filebeat-8.2.0-x86_64.rpm
# ============================== Filebeat inputs ===============================
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: {{ ansible_hostname }}
fields.source: {{ ansible_hostname }}
fields.gl2_source_collector: {{ ansible_hostname }}
# /Needed for Graylog
filebeat.inputs:
paths:
- /var/log/nginx/*.log
# ------------------------------ Logstash Output -------------------------------
output.logstash:
# The Logstash hosts
hosts: ["my-graylog-hostname:5044"]
systemctl start filebeat
systemctl enable filebeat
%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} %{QS:forwarder}
%{NGINX}

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
One9twO

One9twO

A pragmatic programmer with a rubber duck.