Hi,
We are using the custom access log format to log structured data (JSON) into elasticsearch so we can query the log entries by field, which is much safer than using full-text matches.
The setup looks like this:
nginx in docker container > docker gelf logging driver > graylog2 server > json extractor > elasticsearch
We would really like to have the same config option for error logs as well, so we can see the errors of a request with the same query we use to get the access log entries.
Our access log configuration:
log_format json '{'
'"@timestamp": "$time_iso8601", '
'"@version": "1", '
'"clientip": "$remote_addr", '
'"tags": ["proxy"], '
'"remote_user": "$remote_user", '
'"bytes": $bytes_sent, '
'"duration": $request_time, '
'"status": $status, '
'"request": "$request_uri", '
'"urlpath": "$uri", '
'"urlquery": "$args", '
'"method": "$request_method", '
'"referer": "$http_referer", '
'"useragent": "$http_user_agent", '
'"software": "nginx", '
'"version": "$nginx_version", '
'"host": "$host", '
'"upstream": "$upstream_addr", '
'"upstream-status": "$upstream_status"'
'}';
access_log /dev/stdout json;
Example of a solution for our request:
log_format json '{'
'"@timestamp": "$time_iso8601", '
'"@version": "1", '
'"clientip": "$remote_addr", '
'"tags": ["proxy"], '
'"remote_user": "$remote_user", '
'"bytes": $bytes_sent, '
'"duration": $request_time, '
'"status": $status, '
'"request": "$request_uri", '
'"error": "$error", ' <---- added
'"error_level": "$error_level", ' <---- added
'"urlpath": "$uri", '
'"urlquery": "$args", '
'"method": "$request_method", '
'"referer": "$http_referer", '
'"useragent": "$http_user_agent", '
'"software": "nginx", '
'"version": "$nginx_version", '
'"host": "$host", '
'"upstream": "$upstream_addr", '
'"upstream-status": "$upstream_status"'
'}';
access_log /dev/stdout json;
error_log /dev/stdout warn json;
Thanks in advance,
Nico Schieder
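
Added example (not part of the original post and not nginx code): a Python check of what a hand-built JSON log_format like the one above emits when a request value contains a double quote. With nginx's default escaping the quote is written as \x22, which a strict JSON parser rejects, so that entry cannot be queried by field; the escape=json parameter of log_format (nginx 1.11.8 and later) emits valid JSON escapes instead. The two escape functions are emulations written for this example, the line uses three of the post's fields, and the sample values are constructed.

```python
import json

def escape_default(value: str) -> str:
    # nginx default escaping: '"', '\' and bytes < 32 or > 126 become \xXX.
    return "".join(
        "\\x%02X" % b if b in (0x22, 0x5C) or b < 32 or b > 126 else chr(b)
        for b in value.encode("utf-8")
    )

def escape_json(value: str) -> str:
    # Stand-in for escape=json: json.dumps applies standard JSON string escaping.
    return json.dumps(value, ensure_ascii=False)[1:-1]

def render(fields: dict, escape) -> str:
    # Three fields taken from the log_format in the post, in the same quoting style.
    return '{"clientip": "%s", "status": %s, "useragent": "%s"}' % (
        escape(fields["remote_addr"]),
        fields["status"],
        escape(fields["http_user_agent"]),
    )

def parse(line: str):
    # Returns the decoded entry, or None when the line is not valid JSON.
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None

# Constructed sample request values (not taken from any real log).
SAMPLE = {"remote_addr": "203.0.113.7", "status": "200",
          "http_user_agent": 'Mozilla/5.0 "test" client'}

if __name__ == "__main__":
    for name, esc in (("default", escape_default), ("escape=json", escape_json)):
        line = render(SAMPLE, esc)
        print(name, "->", line, "| parsed:", parse(line) is not None)
```

In the nginx configuration the corresponding change is a single parameter: log_format json escape=json '{' ... '}';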