Hi! I’m new to Graylog. I have set up Graylog 2.4.3 on Ubuntu 16.04. I have two inputs created - one of them receives nginx access logs, the other one nginx error logs. Everything works fine, Graylog is receiving all logs.
But as our nginx access logs include a lot of HTTP requests, I want to find a plugin compatible with Graylog, so I can easily search and find things like:
Currently at work I’m working on something much different than Graylog, so I think my brain will explode if I try to do something with extractors…
Maybe someone could help me. I have uploaded a screenshot where you can see what our logs look like. Our main need is to extract the IP address (starting at 212) and web link (starting at https://e), and then use them to search for top visitors and most visited web pages. Thanks a lot!
As @jochen said, there are a few nginx Content Packs on the Marketplace which will give you some useful extractors. However, let me suggest the JSON Nginx content pack, assuming your Nginx version is >=1.11.8.
You simply define a log_format in the nginx config with the nginx fields you want to include and the included extractors will put everything into searchable fields, much more reliably than using regexes on the Graylog side.
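
A sketch of the kind of JSON log_format described in the reply above, added here as an example and not taken from the content pack or from either poster. The format name, log path and field selection are assumptions; the field names have to match whatever the content pack's extractors expect.

```nginx
# Added example: format name, file path and field list are assumptions.
http {
    # escape=json was introduced in nginx 1.11.8. It escapes quotes,
    # backslashes and control characters in variable values, so
    # client-controlled fields (URI, Referer, User-Agent) cannot break
    # out of their JSON string and forge extra fields in the log record.
    log_format graylog_json escape=json
        '{'
            '"timestamp":"$time_iso8601",'
            '"remote_addr":"$remote_addr",'        # client IP, for "top visitors"
            '"request_method":"$request_method",'
            '"scheme":"$scheme",'
            '"host":"$host",'
            '"request_uri":"$request_uri",'        # path + query, for "most visited pages"
            '"status":$status,'                    # numeric, left unquoted
            '"body_bytes_sent":$body_bytes_sent,'
            '"request_time":$request_time,'
            '"http_referer":"$http_referer",'
            '"http_user_agent":"$http_user_agent"'
        '}';

    # Write the JSON log next to the existing access log; how it is
    # shipped to the Graylog input stays as already configured.
    access_log /var/log/nginx/access_json.log graylog_json;
}
```

With the client address and request URI arriving as separate fields, the top-visitor and most-visited-page questions become field aggregations in Graylog rather than regex extraction over the raw message.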