Production vs stage vs dev nginx logging

Graylog Central (peer support)
1

Hi,

I am a graylog super newbie, so I am still learning. Currently I have one graylog server collecting logs from 4 production, 4 staging and 4 development servers.

When they report into graylog, everything is jumbled so there is no distinguishment other than the IP address, is there a way I can indicate in nginx when it sends it into the graylog, that its from production1?

Thanks!

2

How are you collecting the logs? Filebeat, syslog, something else? You might be able to add some tags, depeding on what you’re using.

3

in nginx.conf

log_format graylog2_json escape=json '{ “timestamp”: “$time_iso8601”, ’
'“remote_addr”: “$remote_addr”, ’
'“body_bytes_sent”: $body_bytes_sent, ’
'“request_time”: $request_time, ’
'“response_status”: $status, ’
'“request”: “$request”, ’
'“request_method”: “$request_method”, ’
‘“host”: “$host”,’
‘“upstream_cache_status”: “$upstream_cache_status”,’
‘“upstream_addr”: “$upstream_addr”,’
‘“http_x_forwarded_for”: “$http_x_forwarded_for”,’
'“http_referrer”: “$http_referer”, ’
‘“http_user_agent”: “$http_user_agent” }’;

replace the hostnames with the IP or hostname of your Graylog2 server

access_log syslog:server=xx.xx.xx.xx:1514 graylog2_json;
error_log syslog:server=xx.xx.xx.xx:1514;

4

is there an easy way to tag these? or should I make 6 inputs, and update the nginx.configs to use the appropriate ports? I am using graylog 4.0.5.

5

I think i have it figured out now. sorry I said i was a super noob.

i went with

log_format graylog2_json escape=json '{ “timestamp”: “$time_iso8601”, ’
'“remote_addr”: “$remote_addr”, ’
'“body_bytes_sent”: $body_bytes_sent, ’
'“request_time”: $request_time, ’
'“response_status”: $status, ’
'“request”: “$request”, ’
'“request_method”: “$request_method”, ’
‘“host”: “$host”,’
‘“upstream_cache_status”: “$upstream_cache_status”,’
‘“upstream_addr”: “$upstream_addr”,’
‘“http_x_forwarded_for”: “$http_x_forwarded_for”,’
'“http_referrer”: “$http_referer”, ’
'“http_user_agent”: “$http_user_agent”, ’
’“region”: “us”,'
** ‘“env”: “dev” }’;**

Just manually adding the region and env tags.

3 Likes
6

Nicely done, thanks for sharing the solution back with the community! And welcome!

1 Like
7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.