Hey @adrianrus
You may want to read this documentation.
Example:
Adding an appender and logger to the Log4j2 configuration file (log4j2.xml) as shown in the doc’s.
This example I’m using Nxlog with a input created to grab the log from restaccess.log noticed the names used " access". Side note Im using GELF TCP/TLS input so it auto creates the field SourceModuleName.
<Input access>
Module im_file
FILE "/var/log/graylog-server/restaccess.log"
SavePos TRUE
ReadFromLast TRUE
PollInterval 1
#Exec $Message = $raw_event;
</Input>
Results:
Widget:
NOTE: the restaccess.log file only shows the UUID of the user. So these must be turned into human readable data.
Or you can use the Graylog’s Operations/Enterprise edition. Under 2 Gb a day I believe its free.
EDIT:
I did some explaining here in Graylog Discord server.