Dear Graylog group.
I am new to Graylog, sorry if my questions look very basic. With your
help (thanks a lot), I have managed to set up Graylog and collect IIS logs.
IIS logs are now indexed in my Graylog and of course I would like to collect
some info.
As a sysadmin my dream is to have a nice dashboard per web server which
will output info like top client IP address, HTTP response code, etc.
As advised by the Graylog contextual help, I tried to search with the command
source:my web AND http_responde_code:400 .
I have no real search results. I have many fields and the best way I have
found to retrieve log data is based on cs_referer . source:mywebserver
cs-Referer: 200 .
Questions:
1. Is my way of indexing IIS logs with NXLog efficient? Maybe there is an
issue with my field mapping?
2. Which field do you use to gather the HTTP response code from the log? How
do you proceed within Graylog?
Short sample of my IIS log Fields in nxlog.conf:
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query,
$s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status,
$sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer,
string, string, string, string, integer, integer, integer, integer
3. Is there a template/plugin for monitoring IIS logs?
Thanks a lot for your time.
Guillaume.