Nginx content pack with JSON for easier, flexible logging

Plugin Release 1.0

A Content Pack for Graylog2 that supports more flexible streaming of logs from nginx.

This is partially based on the core Graylog nginx content pack (graylog-labs/graylog-contentpack-nginx on GitHub), and provides the same inputs, streams and dashboard as that pack.

It is designed for people using virtual hosts or other sorts of more complex nginx configuration, and will only work with nginx version 1.11.8 onwards (you can remove the escape=json from the nginx setup if you want to use an earlier version).

The core advantage of this is that you can add arbitrary fields to the nginx logging and they will simply appear in Graylog, without your having to write complex regular expressions to extract them.
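Why the escape=json setting mentioned above matters, shown as an added example (not part of the content pack): the Python sketch below mimics nginx's two escaping modes on one constructed log line and checks whether the result still parses as JSON. The template, field names and sample values are assumptions made for the illustration.

```python
import json

def escape_default(value: str) -> str:
    """Without escape=json: ", \\ and bytes <32 or >126 are written as \\xXX."""
    return "".join("\\x%02X" % b if b in (0x22, 0x5C) or b < 32 or b > 126
                   else chr(b) for b in value.encode("utf-8"))

def escape_json(value: str) -> str:
    """With escape=json: only characters JSON forbids in strings are escaped."""
    short = {'"': '\\"', "\\": "\\\\", "\n": "\\n", "\r": "\\r",
             "\t": "\\t", "\b": "\\b", "\f": "\\f"}
    return "".join(short.get(c) or ("\\u%04X" % ord(c) if ord(c) < 32 else c)
                   for c in value)

# Constructed template modelled on a JSON-style log_format (field names assumed).
TEMPLATE = '{{"remote_addr": "{addr}", "status": {status}, "http_user_agent": "{ua}"}}'

def render(escape, addr: str, status: int, user_agent: str) -> str:
    """Build one access-log line the way nginx would, using the given escaper."""
    return TEMPLATE.format(addr=escape(addr), status=status, ua=escape(user_agent))

def parse(line: str):
    """Return the decoded fields, or None where a JSON parser would reject the line."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None

# Constructed sample: a client-supplied header containing quotes and a backslash.
SAMPLE_UA = 'probe "x" \\ 1.0'

if __name__ == "__main__":
    for name, esc in (("with escape=json", escape_json),
                      ("without escape=json", escape_default)):
        line = render(esc, "192.0.2.10", 400, SAMPLE_UA)
        print(f"{name}: {line}\n  parsed: {parse(line)}")
```

If you drop escape=json to run an older nginx, lines like the second one fail JSON parsing whenever a client-controlled value contains a quote, backslash or non-printable byte.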

This content pack will create two inputs for the nginx error_log and access_log. Extractors are applied to effectively read the most important data into message fields. You will be able to search for all requests from a given remote IP, all requests that were answered with an HTTP 400, or just all requests that were slow.

The pack comes with a default dashboard to build upon and several streams that pre-group your HTTP requests into interesting categories. The additional log information described below (see Configuring nginx) will also add timing information to the requests handled by nginx.