Dear Graylog group,

I am new to Graylog, sorry if my questions may look very basic. With your help (thanks a lot), I have managed to set up Graylog and collect IIS logs.
IIS logs are now indexed in my Graylog and of course I would like to collect some info. As a sysadmin my dream is to have a nice dashboard per web server which will output info like top client IP address, HTTP response code, etc. As advised by the Graylog contextual help, I try to search with the command:

    source:my web AND http_responde_code:400

I have no real search results. I have many fields, and the best way I have found to retrieve log data is based on cs_referer:

    source:mywebserver cs-Referer: 200

Questions:

1. Is my way of indexing IIS logs with NXLog efficient? Maybe there is an issue with my field mapping?

2. Which field do you use to gather the HTTP response code from the log? How do you proceed within Graylog?

Short sample of my IIS log fields (nxlog.conf):

    Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer

3. Is there a template/plugin for monitoring IIS logs?

Thanks a lot for your time.

Guillaume.