Production vs stage vs dev nginx logging

ToddG · March 10, 2021, 7:17pm

Hi,

I am a graylog super newbie, so I am still learning. Currently I have one graylog server collecting logs from 4 production, 4 staging and 4 development servers.

When they report into graylog, everything is jumbled so there is no distinguishment other than the IP address, is there a way I can indicate in nginx when it sends it into the graylog, that its from production1?

Thanks!

aaronsachs · March 10, 2021, 8:01pm

How are you collecting the logs? Filebeat, syslog, something else? You might be able to add some tags, depeding on what you’re using.

ToddG · March 10, 2021, 8:05pm

in nginx.conf

log_format graylog2_json escape=json '{ “timestamp”: “$time_iso8601”, ’
'“remote_addr”: “$remote_addr”, ’
'“body_bytes_sent”: $body_bytes_sent, ’
'“request_time”: $request_time, ’
'“response_status”: $status, ’
'“request”: “$request”, ’
'“request_method”: “$request_method”, ’
‘“host”: “$host”,’
‘“upstream_cache_status”: “$upstream_cache_status”,’
‘“upstream_addr”: “$upstream_addr”,’
‘“http_x_forwarded_for”: “$http_x_forwarded_for”,’
'“http_referrer”: “$http_referer”, ’
‘“http_user_agent”: “$http_user_agent” }’;

replace the hostnames with the IP or hostname of your Graylog2 server

access_log syslog:server=xx.xx.xx.xx:1514 graylog2_json;
error_log syslog:server=xx.xx.xx.xx:1514;

ToddG · March 11, 2021, 5:34pm

is there an easy way to tag these? or should I make 6 inputs, and update the nginx.configs to use the appropriate ports? I am using graylog 4.0.5.

ToddG · March 11, 2021, 8:30pm

I think i have it figured out now. sorry I said i was a super noob.

i went with

log_format graylog2_json escape=json '{ “timestamp”: “$time_iso8601”, ’
'“remote_addr”: “$remote_addr”, ’
'“body_bytes_sent”: $body_bytes_sent, ’
'“request_time”: $request_time, ’
'“response_status”: $status, ’
'“request”: “$request”, ’
'“request_method”: “$request_method”, ’
‘“host”: “$host”,’
‘“upstream_cache_status”: “$upstream_cache_status”,’
‘“upstream_addr”: “$upstream_addr”,’
‘“http_x_forwarded_for”: “$http_x_forwarded_for”,’
'“http_referrer”: “$http_referer”, ’
'“http_user_agent”: “$http_user_agent”, ’
’“region”: “us”,'
** ‘“env”: “dev” }’;**

Just manually adding the region and env tags.

ttsandrew · March 12, 2021, 9:37pm

Nicely done, thanks for sharing the solution back with the community! And welcome!

system · March 26, 2021, 9:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending Nginx log to graylog Graylog Central (peer support)	9	11920	December 5, 2018
Change defaut facility fron nginx logs Graylog Central (peer support)	6	724	February 26, 2019
Cannot sending nginx access.log to the graylog Graylog Central (peer support)	4	1043	August 10, 2023
Log custom header X-API-KEY from nginx to Graylog Graylog Central (peer support)	1	1870	October 28, 2017
Failed to send logs to my graylog in production Graylog Central (peer support)	6	1077	January 24, 2019

Production vs stage vs dev nginx logging

replace the hostnames with the IP or hostname of your Graylog2 server

Related topics