Complete Guide: Configuring Graylog with Fluent Bit for Centralized Log Monitoring 🚀

Here’s a complete setup guide for configuring Graylog with Fluent Bit, including all necessary configuration files to monitor different applications (Apache, Nginx, MySQL, System Logs, and more). 🚀


🔹 Step 1: Install Graylog Server

Before configuring Fluent Bit, ensure Graylog is installed and running.
👉 Follow this guide: Install Graylog on CentOS/Ubuntu

Once installed, the Graylog Web UI should be accessible at:
📌 http://your-graylog-server-ip:9000


🔹 Step 2: Install Fluent Bit on Your Servers

You need Fluent Bit on all servers that will send logs to Graylog.

🖥️ Install Fluent Bit on CentOS / RHEL

sudo yum install -y https://packages.fluentbit.io/centos/7/x86_64/fluent-bit-2.0.9-1.x86_64.rpm

🐧 Install Fluent Bit on Ubuntu / Debian

wget https://packages.fluentbit.io/debian/fluent-bit.gpg
sudo apt-key add fluent-bit.gpg
echo "deb https://packages.fluentbit.io/debian stable main" | sudo tee /etc/apt/sources.list.d/fluent-bit.list
sudo apt update && sudo apt install fluent-bit

🪟 Install Fluent Bit on Windows

Download the MSI installer from:
🔗 https://fluentbit.io/downloads/


🔹 Step 3: Configure Fluent Bit to Send Logs to Graylog

1️⃣ Open Fluent Bit Configuration

sudo nano /etc/fluent-bit/fluent-bit.conf

2️⃣ Fluent Bit Config File

📌 Replace your-graylog-server-ip with your actual Graylog IP.

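[SERVICE]
    Flush        5
    Log_Level    info
    # Load the packaged parser definitions (apache2, json, ...)
    Parsers_File parsers.conf

# System logs are plain text, so no parser: each line is stored under "log"
[INPUT]
    Name         tail
    Path         /var/log/*.log
    # mysql.log has its own input below; skip it here to avoid duplicates
    Exclude_Path /var/log/mysql.log
    Tag          system_logs

[INPUT]
    Name         tail
    Path         /var/log/nginx/access.log
    Tag          nginx_logs
    Parser       apache2

# The MySQL general log is plain text as well
[INPUT]
    Name         tail
    Path         /var/log/mysql.log
    Tag          mysql_logs

# Keep only system log lines that contain "error"
[FILTER]
    Name         grep
    Match        system_logs
    Regex        log .*error.*

# Records parsed by apache2 have no "log" key, and their "host" field holds the
# web client's address, which the gelf output would send as the log source.
# Rename that field and use the request path as the short message.
[FILTER]
    Name         modify
    Match        *
    Rename       host client_ip
    Copy         path log

[OUTPUT]
    Name         gelf
    Match        *
    Host         your-graylog-server-ip
    Port         12201
    Mode         udp
    # GELF requires a short message; take it from the "log" key
    Gelf_Short_Message_Key log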

✅ This setup includes:

  • System Logs (/var/log/*.log)
  • Nginx Logs (/var/log/nginx/access.log)
  • MySQL Logs (/var/log/mysql.log)
  • A filter that keeps only error lines for system logs
  • Sends logs to Graylog via UDP (port 12201)

🔹 Step 4: Configure Graylog to Receive Fluent Bit Logs

1️⃣ Log in to the Graylog Web UI (http://your-graylog-server-ip:9000)
2️⃣ Go to System → Inputs
3️⃣ Select GELF UDP and click Launch New Input
4️⃣ Enter:

  • Title: Fluent Bit Logs
  • Bind Address: 0.0.0.0
  • Port: 12201
  • Click Save

🚀 Graylog is now ready to receive Fluent Bit logs!
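
GELF over UDP, as configured in Steps 3 and 4, sends log lines in cleartext, lets any host that can reach port 12201 submit messages, and gives no signal when datagrams are lost. The output below is an added example, not part of the original guide: the same Fluent Bit output switched to TLS. It assumes a GELF TCP input with TLS enabled has been launched in Graylog on port 12201 in place of the GELF UDP input; the certificate paths are placeholders.

```ini
# Added example: GELF over TLS (replaces the UDP [OUTPUT] from Step 3).
# Assumed Graylog side: System -> Inputs -> "GELF TCP" input on port 12201
# with TLS enabled and a server certificate signed by the CA below.
# All file paths are placeholders.

[OUTPUT]
    Name                    gelf
    Match                   *
    Host                    your-graylog-server-ip
    Port                    12201
    # tls = GELF over TCP wrapped in TLS: encrypted in transit, and a failed
    # connection is reported to Fluent Bit instead of being silently lost
    Mode                    tls
    tls                     On
    # Refuse to send unless the server certificate chains to this CA
    tls.verify              On
    tls.ca_file             /path/to/graylog-ca.pem
    # Optional mutual TLS: only needed when the Graylog input is set to
    # require TLS client authentication
    tls.crt_file            /path/to/this-host.crt
    tls.key_file            /path/to/this-host.key
    # GELF requires a short message; unparsed tail records keep the line under "log"
    Gelf_Short_Message_Key  log
    # Retry a failed flush up to 5 times before the chunk is discarded
    Retry_Limit             5
```

Once the TLS input is receiving messages, stop the GELF UDP input so the cleartext path is no longer open.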


🔹 Step 5: Start Fluent Bit

sudo systemctl enable --now fluent-bit

🔹 Step 6: Verify Logs in Graylog

1️⃣ Go to Graylog Web UI
2️⃣ Click Search
3️⃣ Use this query to check system logs:

source:your-client-server-ip

4️⃣ You should see logs flowing in real-time! 🎉


🔹 Step 7: Configure Application-Specific Log Monitoring

📌 Nginx Log Monitoring

Edit /etc/nginx/nginx.conf and enable access/error logs:

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Add this Fluent Bit input:

[INPUT]
    Name         tail
    Path         /var/log/nginx/*.log
    Tag          nginx_logs
    Parser       apache2

📌 Apache Log Monitoring

Edit /etc/httpd/conf/httpd.conf and enable logging:

CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log

Fluent Bit config:

[INPUT]
    Name         tail
    Path         /var/log/apache2/*.log
    Tag          apache_logs
    Parser       apache2

📌 MySQL Log Monitoring

Enable MySQL logging in /etc/mysql/my.cnf:

[mysqld]
# The general query log records every statement clients send, literal values included
general_log_file = /var/log/mysql.log
general_log = 1

Fluent Bit config:

# The general query log is plain text, not JSON, so no parser is set
[INPUT]
    Name         tail
    Path         /var/log/mysql.log
    Tag          mysql_logs

📌 System Logs (Messages, Syslog, Secure)

Fluent Bit config:

# /var/log/messages is plain-text syslog, not JSON; without a parser
# each line is stored under the "log" key
[INPUT]
    Name         tail
    Path         /var/log/messages
    Tag          system_logs

🚀 Step 8: Restart Services to Apply Changes

sudo systemctl restart nginx mysql fluent-bit

🔥 Final Summary

✅ Installed Fluent Bit on all servers
✅ Configured Fluent Bit to send logs to Graylog
✅ Set up Graylog to receive logs
✅ Configured logging for Nginx, Apache, MySQL, and system logs
✅ Logs are now visible in Graylog Web UI 🎉

About Anant
Senior technical writer