I have an nginx (1.12.1) server running on VPS#1 and I have Graylog running on VPS#2. All sys + nginx logs are sent to Graylog.
To get nginx working I've had to install the nginx content pack from Graylog Marketplace.
I had to add the following to nginx.conf:
log_format graylog2_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" <msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
access_log syslog:server={redacted}:12301 graylog2_format;
error_log syslog:server={redacted}:12302;
I followed the instructions and everything works like it should. I receive all logs from nginx.
What I want to do now is also send along the header X-API-KEY, that nginx receives, to Graylog.
I've tried adding "$http_x_api_key"
to log_format
in nginx.conf, like so:
log_format graylog2_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_x_api_key" "$http_referer" "$http_user_agent" "$http_x_forwarded_for" <msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
But this results in none of the nginx logs to be sent to Graylog.
What else can I try?