Cannot send nginx access.log to Graylog

I have an nginx server (which has an HTTPS domain name), and I want to send logs from nginx (access.log) to Graylog, but it doesn't work.

I inserted this block into nginx.conf in the http block:

http {
.....

log_format graylog_json escape=json '{ "timestamp": "$time_iso8601", '
                     '"remote_addr": "$remote_addr", '
                     '"body_bytes_sent": $body_bytes_sent, '
                     '"request_time": $request_time, '
                     '"response_status": $status, '
                     '"request": "$request", '
                     '"request_method": "$request_method", '
                     '"host": "$host",'
                     '"upstream_cache_status": "$upstream_cache_status",'
                     '"upstream_addr": "$upstream_addr",'
                     '"http_x_forwarded_for": "$http_x_forwarded_for",'
                     '"http_referrer": "$http_referer", '
                     '"http_user_agent": "$http_user_agent" }';

Then I added this to the server block which has HTTPS configured in it:

server
{ ...

    access_log syslog:server=ipaddress_graylog:1516 graylog_json;
    error_log syslog:server=ipaddress_graylog:1517 warn;

}

I also enabled the firewall for the specific port, both on the server and in the security groups.
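
Added example, not part of the original thread: with `access_log syslog:server=...`, nginx sends each line over UDP wrapped in an RFC 3164 syslog header, so the receiver sees a header followed by the `graylog_json` payload rather than bare JSON. The sketch below parses one such datagram and can listen on port 1516 from a test host to confirm nginx is emitting; the sample datagram, the hostname `web01`, and the default facility/severity/tag (local7, info, `nginx`) are assumptions.

```python
import json
import re
import socket

# RFC 3164 framing nginx adds to each line: <PRI>Mmm dd hh:mm:ss host tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # day may be space-padded
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$",
    re.DOTALL,
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagram in the graylog_json format from the post (not real traffic).
SAMPLE = (
    b'<190>Oct 11 10:12:01 web01 nginx: { "timestamp": "2023-10-11T10:12:01+00:00", '
    b'"remote_addr": "203.0.113.7", "body_bytes_sent": 612, "request_time": 0.004, '
    b'"response_status": 200, "request": "GET / HTTP/1.1", "request_method": "GET", '
    b'"host": "example.com","upstream_cache_status": "","upstream_addr": "",'
    b'"http_x_forwarded_for": "","http_referrer": "", "http_user_agent": "curl/8.0" }'
)

def parse_nginx_syslog(datagram: bytes) -> dict:
    """Split one nginx syslog datagram into header fields and the decoded JSON body."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = SYSLOG_RE.match(text)
    if m is None:
        raise ValueError("not RFC 3164 framed: %r" % text[:60])
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    try:
        fields = json.loads(m["msg"])
    except json.JSONDecodeError as exc:
        raise ValueError(f"payload after tag is not valid JSON: {exc}") from exc
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "host": m["host"], "tag": m["tag"], "fields": fields}

def listen(port: int = 1516, bind: str = "0.0.0.0") -> None:
    """Print every datagram arriving on the UDP port used in the access_log line."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], parse_nginx_syslog(data))
        except ValueError as exc:
            print(peer[0], "unparsed:", exc)

if __name__ == "__main__":
    listen()
```

If the listener prints nothing while requests hit the site, the datagrams are not reaching the host (UDP firewall rule, wrong address or port); if it prints parsed records, the remaining question is how the receiving input decodes the syslog header and JSON body.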

Hey @bruleeyo

Try using a shipper like Nxlog and/or Beat (i.e., Filebeat)

Can rsyslog also be used as a log shipper? Or is it better to use nxlog or Beat? I've read about nxlog, and it is mostly used on Windows servers. Could you give me a good reference on how to set them up?

PS: I have modsecurity and nginx on my Ubuntu server (and want to send access.log & auth.logs to Graylog at least).

Hey

Yes you can.

Depends on the user. I used it on all my Linux and Windows servers; just recently I moved to different Beat shippers. Download for community version here
