
Here’s a complete setup guide for configuring Graylog with Fluent Bit, including all necessary configuration files to monitor different applications (Apache, Nginx, MySQL, System Logs, and more).
Step 1: Install Graylog Server
Before configuring Fluent Bit, ensure Graylog is installed and running.
Follow this guide: Install Graylog on CentOS/Ubuntu
Once installed, the Graylog Web UI should be accessible at:
http://your-graylog-server-ip:9000
Step 2: Install Fluent Bit on Your Servers
You need Fluent Bit on all servers that will send logs to Graylog.
Install Fluent Bit on CentOS / RHEL
sudo yum install -y https://packages.fluentbit.io/centos/7/x86_64/fluent-bit-2.0.9-1.x86_64.rpm
Install Fluent Bit on Ubuntu / Debian
wget https://packages.fluentbit.io/debian/fluent-bit.gpg
sudo apt-key add fluent-bit.gpg
echo "deb https://packages.fluentbit.io/debian stable main" | sudo tee /etc/apt/sources.list.d/fluent-bit.list
sudo apt update && sudo apt install fluent-bit
Install Fluent Bit on Windows
Download the MSI installer from:
https://fluentbit.io/downloads/
Step 3: Configure Fluent Bit to Send Logs to Graylog
1. Open Fluent Bit Configuration
sudo nano /etc/fluent-bit/fluent-bit.conf
2. Fluent Bit Config File
Replace your-graylog-server-ip with your actual Graylog IP.
[SERVICE]
    Flush        5
    Log_Level    info
    # Load the stock parser definitions (json, apache2) referenced below
    Parsers_File parsers.conf
[INPUT]
    Name   tail
    Path   /var/log/*.log
    Tag    system_logs
    Parser json
[INPUT]
    Name   tail
    Path   /var/log/nginx/access.log
    Tag    nginx_logs
    Parser apache2
[INPUT]
    Name   tail
    Path   /var/log/mysql.log
    Tag    mysql_logs
    Parser json
[FILTER]
    Name   grep
    Match  system_logs
    Regex  message .*error.*
[OUTPUT]
    Name   gelf
    Match  *
    Host   your-graylog-server-ip
    Port   12201
    Mode   udp
This setup includes:
- System Logs (/var/log/*.log)
- Nginx Logs (/var/log/nginx/access.log)
- MySQL Logs (/var/log/mysql.log)
- Filters only errors for system logs
- Sends logs to Graylog via UDP (port 12201)
Step 4: Configure Graylog to Receive Fluent Bit Logs
1. Log in to the Graylog Web UI (http://your-graylog-server-ip:9000)
2. Go to System → Inputs
3. Select GELF UDP and click Launch New Input
4. Enter:
- Title: Fluent Bit Logs
- Bind Address: 0.0.0.0
- Port: 12201
- Click Save
Graylog is now ready to receive Fluent Bit logs!
Step 5: Start Fluent Bit
sudo systemctl enable --now fluent-bit
Step 6: Verify Logs in Graylog
1. Go to the Graylog Web UI
2. Click Search
3. Use this query to check system logs:
source:your-client-server-ip
4. You should see logs flowing in real time!
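If nothing shows up in the search, it helps to test the Graylog input separately from Fluent Bit. The script below is an added example, not part of the original guide: it builds one GELF 1.1 message by hand, splits it into GELF chunks when it is too large for one datagram, and sends it to the GELF UDP input from Step 4. The function names, the 1420-byte packet size and the marker text are assumptions of this example.

```python
import json, os, socket, struct, sys, time, zlib

CHUNK_MAGIC = b"\x1e\x0f"  # marks a chunked GELF datagram
MAX_CHUNKS = 128           # GELF limit on chunks per message
PACKET_SIZE = 1420         # assumed datagram size that fits a typical MTU


def build_gelf(host, short_message, level=6, **extra):
    """Return a GELF 1.1 message; additional fields get the '_' prefix."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": level}
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved by the GELF format")
        msg["_" + key] = value
    return msg


def to_datagrams(msg, packet_size=PACKET_SIZE, compress=True):
    """Serialize one message into the datagram(s) a GELF UDP input accepts."""
    payload = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if compress:
        payload = zlib.compress(payload)
    if len(payload) <= packet_size:
        return [payload]
    body = packet_size - 12  # 2 magic + 8 message id + 1 seq + 1 count
    parts = [payload[i:i + body] for i in range(0, len(payload), body)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("message needs more than 128 chunks")
    msg_id = os.urandom(8)  # same id on every chunk of this message
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def send_test_message(graylog_host, port=12201, client="smoke-test"):
    """Send one marker message and return the marker to search for."""
    marker = "fluentbit-pipeline-check-" + os.urandom(4).hex()
    msg = build_gelf(client, marker, check="gelf_udp_input")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in to_datagrams(msg):
            sock.sendto(datagram, (graylog_host, port))
    return marker


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("search Graylog for:", send_test_message(target))
```

If the marker appears in Graylog but Fluent Bit logs do not, the input and network path are fine and the problem is in the Fluent Bit configuration or service.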
Step 7: Configure Application-Specific Log Monitoring
Nginx Log Monitoring
Edit /etc/nginx/nginx.conf and enable access/error logs:
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
Add this Fluent Bit input:
[INPUT]
    Name   tail
    Path   /var/log/nginx/*.log
    Tag    nginx_logs
    Parser apache2
Apache Log Monitoring
Edit /etc/httpd/conf/httpd.conf and enable logging:
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
Fluent Bit config:
[INPUT]
    Name   tail
    Path   /var/log/apache2/*.log
    Tag    apache_logs
    Parser apache2
MySQL Log Monitoring
Enable MySQL logging in /etc/mysql/my.cnf:
general_log_file = /var/log/mysql.log
general_log = 1
Fluent Bit config:
[INPUT]
    Name   tail
    Path   /var/log/mysql.log
    Tag    mysql_logs
    Parser json
System Logs (Messages, Syslog, Secure)
Fluent Bit config:
[INPUT]
    Name   tail
    Path   /var/log/messages
    Tag    system_logs
    Parser json
Step 8: Restart Services to Apply Changes
sudo systemctl restart nginx mysql fluent-bit
Final Summary
- Installed Fluent Bit on all servers
- Configured Fluent Bit to send logs to Graylog
- Set up Graylog to receive logs
- Configured logging for Nginx, Apache, MySQL, and system logs
- Logs are now visible in Graylog Web UI