Where save log files?

Uporaba · December 5, 2018, 9:48am

HI all, where graylog save (on server) logs which sent him nginx?

Totally_Not_A_Robot · December 5, 2018, 10:24am

All data sent to Graylog is stored in ElasticSearch.

Uporaba · December 5, 2018, 10:26am

i know this, but i need default path or name file

Totally_Not_A_Robot · December 5, 2018, 10:28am

No. You don’t.

There is no path of filename.

The logs are INSIDE ElasticSearch.

Uporaba · December 5, 2018, 10:29am

Okay, but can i see any ip address which send nginx in log?

Totally_Not_A_Robot · December 5, 2018, 10:34am

To summarize: Graylog centrally collects, stores and queries log data. Your systems will be configured to send their logging to Graylog, which will parse it and store it inside ElasticSearch. From the Graylog GUI you can query all the logs that have been stored, searching on specific fields and values.

If your NginX logs are sent to Graylog and if they contain the data that you want to see, then yes you can see this data in Graylog.

Okay, but can i see any ip address which send nginx in log?

I am having trouble understanding what you are asking for. Do you want:

IP addresses that are part of NginX log files?
IP addresses of the NginX hosts that have sent log files?
IP addresses of hosts, where the word “nginx” was part of the log message?

EDIT : removed some bluntless from my post, sorry.

Uporaba · December 5, 2018, 10:39am

i want to see where elastic save logs which send nginx, and find in log any ip address without web interface
P.S- sorry for stupid explanation but english is not my native language

Totally_Not_A_Robot · December 5, 2018, 10:41am

You CANNOT just grep in the Elastic files. ElasticSearch is a database. The log messages that are received and stored are thrown in a big data lake. If you’re running an ElasticSearch cluster, you will even see that the data is spread across nodes and not present on all hosts!

So you HAVE TO go through Graylog, or through ElasticSearch’s own search engine.

EDIT:
Go look for yourself.

/var/lib/elasticsearch/nodes/*/ and move downwards from there. That’s where the running ElasticSearch stores it’s indices. Run an ls -lRrt /var/lib/elasticsearch/nodes/* for all I care You won’t find files that you can grep against.

Uporaba · December 5, 2018, 10:43am

Okay, thanks for the help

macko003 · December 5, 2018, 8:55pm

You can use Elasticsearch or Graylog api to search in logs. So you can avoid to use web interface.
Or you can use elasticdump, but in this case I suggest use rsyslog insterd of Graylog.

system · December 19, 2018, 8:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Messages Graylog Central (peer support)	4	315	December 10, 2018
The location of syslog logs? Graylog Central (peer support)	3	1391	January 30, 2019
Graylog data export and location Graylog Central (peer support)	3	2984	February 21, 2019
Where are Graylog logs stored in a VM? Graylog Central (peer support)	4	391	July 7, 2022
Where graylog store rhe Recived logs-files Graylog Central (peer support)	5	421	November 2, 2020

Where save log files?

Related Topics