I had some trouble with Logstash and Nginx (all running on Docker). On my docker-compose file i was trying to enable logging from Nginx container to Logstash:
nginx:
container_name: nginx
image: nginx:latest
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/.htpasswd:/etc/nginx/.htpasswd
- ./nginx/sites-enabled/:/etc/nginx/sites-enabled/
ports:
- "80:80"
logging:
driver: "gelf"
options:
gelf-address: "udp://127.0.0.1:5001"
depends_on:
- kibana
networks:
- elk
And this is my logstash.conf:
input {
udp {
port => 5001
type => "nginx"
codec => plain {
charset => "ISO-8859-1"
}
}
}
Everthing working, but on Kibana i'am get something like this:
type:nginx message:ÿÀmkÜ8à¿"æSÂùEc½ØR>áH n¡¥u1³òÈ+bËÁvÒ¥¥ÿ½ÏoøämOkX!pY÷<DúØò纽¯÷PÀ~Y·cXxßibð®©ÐvÊÊ:QHû!¾K[¿ÐV7GãÆ£ÿH)åÑÃÃ'QÓ¸ÓH»x<^k¬°¡¥VÊD/ë¯4ÏTJ¯wâ9嫸vv°úVüûþ>ó>?¥£6ª7O§çBÌéÅ·õVÜ_¶uáºm*Y)ÛØ Ñÿ)Òj£ÚJÙDePÀÞZÞÁ£1Øu¦U®BWÀÌ<·a]Ê#xÈSÊWQNb$^Ö,Öï !¬ù yÒ¢n£4F`¢µg©Ï(£±ÎÆrp5SÝYÇHf®qPÀÖ|Pʼ yJù ac:xDWJUJ{Bã±õª°UÒ:¥ô7(`HM<¤<ìjõ]pôm+ ¤Q«æÌMÛ]`dkñJ6VvRéHFíI«è !-4ñiað§¯~¦÷ ÀCÔ-bÆèàÏßÿÿ=¬bp host:172.18.0.1 @version:1 @timestamp:March 6th 2019, 18:22:19.191 _id:OyeZU2kBwNJDhqLcJRYd _type:doc _index:nginx _score: -
Any ideas? p.s. Sorry for my terrible English
