Setting up apache access logs and error logs in Graylog2

tkumark · April 11, 2017, 1:42am

Hi
I am new to Graylog and trying to setup apache access logs and error logs. I have used ELK stack once where it go like Beats>Logstash(do some formatting of log using gork) > elasticsearch (update template to consider responsecode and responsetime as number)> Kibana

In Graylog what would you suggest the best approach to ship logs and format the logs. I see there is an extractor option avilable.
So if i send the logs from beats directly to graylog, would it extract and format the log and then store it in elastic search?
would I need to do anything in elasticsearch to consider the field and number?

jan · April 11, 2017, 5:20am

You can ingest messages via beats to Graylog and all that you done before is done with Graylog.

tkumark · April 11, 2017, 4:56pm

thank for the info can you please help me with how to setup file beat to send to Graylog and What needs to be configured in Graylog.

thanks

jochen · April 12, 2017, 6:27am

Simply configure your *Beat to send its message directly to Graylog (using the “logstash” output) and create a Beats input in Graylog.

You can also use the Graylog Collector Sidecar to manage the *Beat for you: http://docs.graylog.org/en/2.2/pages/collector_sidecar.html

tkumark · April 13, 2017, 4:18am

Thanks I did it with graylog collector sidecar method to manage the Beats.

I would like to know if there is any advantage or disadvantage going with directly with *Beat to Graylog than going with Sidecar to Graylog?

jan · April 13, 2017, 5:50am

@tkumark

with direct beat usage you are going to configure the beats on every system that sends the messages by yourself (or your configuration management) and with sidecar you can manage the configuration within the graylog web interface.

for me information read the documentation.

grayloglearn · June 9, 2017, 4:42am

Hi tkumark,

Can you please suggest with step by step procedure to get the apache logs. I have followed the below process.

Step 1) Installed the nxlog in centos
Step 2) installed the collector side car

Create the input as beats but no luck to get the logs.

Can you help me

khulfreedos · August 7, 2018, 11:15am

You can check this link. https://gist.github.com/GaryRogers/85c8f2a805010ceeccc6
I created a Graylog Input and have used rsyslog to forward the logs.

Topic		Replies	Views
Ingest apache error_logs into graylog Graylog Central (peer support)	2	610	October 28, 2018
Can someone tell me if I got this right? Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows , winlogbeat , nosendlogfblx	7	2413	April 21, 2020
Filebeat with apache2 configuration Graylog Central (peer support) sidecar	6	2805	December 1, 2020
Send apache log to graylog Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx	9	20381	September 15, 2017
How to import apache logs to graylog Graylog Central (peer support) sidecar	36	12019	July 27, 2018

Setting up apache access logs and error logs in Graylog2

Related topics