We already have a central log server where we can collect the logs of Docker containers, and web servers are very commonly run in containers. In this tutorial I show you how to parse NGINX or Apache access logs with syslog-ng, and how to visualize NGINX access logs in Kibana.
This simplified guide to logging Docker to Elasticsearch shows you how to send container logs into Elastic. There are many tutorials on logging Docker to Elasticsearch, but this one differs from them in that it uses syslog-ng. The logs are then visualized on a Kibana dashboard, and you can download everything at the end of the post.
Update: I moved the chapters on parsing and visualizing NGINX / Apache access logs in Kibana into a dedicated post. I hope this improves the readability of both posts.
Your home network probably already contains devices or systems such as a home server, a WiFi router, a media player, or a home automation system. It is a best practice to set up a central syslog server and store the logs of these various sources in one place.
In this post I will show you how to create a central syslog server that covers use cases such as:
- Storing the local logs of the host operating system,
- Storing logs from OpenWRT based network devices,
- Parsing Fail2ban logs to get GeoIP data,
- Logging Docker to Elasticsearch,
- And possibly visualizing Fail2ban logs in Kibana.
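The posts above parse NGINX/Apache access logs and Fail2ban logs with syslog-ng and index them into Elasticsearch. As an added, stand-alone illustration of the same parsing step (this is example code, not the posts' syslog-ng configuration), the Python below turns a combined-format access log line and a Fail2ban ban line into JSON documents and wraps them in an Elasticsearch bulk body. The regular expressions, the output field names, the GeoIP stand-in table and the sample log lines are all constructed for this example; a real deployment would use the GeoLite2 database and syslog-ng's own parsers and destinations.

```python
import json
import re
from datetime import datetime, timezone

# Assumption: NGINX/Apache "combined" log format. Field names are chosen for
# this example and are not syslog-ng's.
COMBINED_RE = re.compile(
    r'^(?P<client_ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumption: Fail2ban "Ban"/"Unban" lines written by fail2ban.actions, e.g.
# 2021-03-04 10:11:13,345 fail2ban.actions [789]: NOTICE [sshd] Ban 203.0.113.7
FAIL2BAN_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.actions\s+\[\d+\]: '
    r'(?P<level>\w+)\s+\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$'
)

# Constructed stand-in for a GeoIP database: 203.0.113.0/24 is documentation
# address space and has no real location. Replace with a GeoLite2 lookup.
GEOIP_STANDIN = {"203.0.113.7": {"country_iso": "ZZ", "city": "Example City"}}


def parse_access_line(line):
    """Parse one combined-format access log line into a flat document, or None."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    ts = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "@timestamp": ts.astimezone(timezone.utc).isoformat(),
        "client_ip": d["client_ip"],
        "user": None if d["user"] == "-" else d["user"],
        "method": d["method"],
        "path": d["path"],
        "status": int(d["status"]),
        "bytes": 0 if d["bytes"] == "-" else int(d["bytes"]),
        "referer": None if d["referer"] == "-" else d["referer"],
        "user_agent": d["ua"],
    }


def parse_fail2ban_line(line):
    """Parse one Fail2ban ban/unban line into a flat document, or None."""
    m = FAIL2BAN_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Assumption: Fail2ban writes local time; treated as UTC here.
    ts = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"@timestamp": ts.isoformat(), "jail": d["jail"],
            "action": d["action"], "ip": d["ip"]}


def enrich_geoip(doc, lookup=GEOIP_STANDIN):
    """Attach a geoip sub-document for the client/banned IP when the lookup knows it."""
    ip = doc.get("client_ip") or doc.get("ip")
    geo = lookup.get(ip)
    if geo:
        doc["geoip"] = dict(geo)
    return doc


def parse_line(line):
    """Try each known format; unrecognized lines yield None so they can be counted/dropped."""
    doc = parse_access_line(line) or parse_fail2ban_line(line)
    return enrich_geoip(doc) if doc else None


def to_bulk_body(docs, index):
    """Build an Elasticsearch _bulk request body (NDJSON, trailing newline required)."""
    out = []
    for doc in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n"


# Constructed sample lines: one access log hit and the Fail2ban ban it triggered.
SAMPLE_LINES = [
    '203.0.113.7 - - [04/Mar/2021:10:11:12 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/7.74.0"',
    '2021-03-04 10:11:13,345 fail2ban.actions        [789]: NOTICE  [sshd] Ban 203.0.113.7',
    'this line matches neither format',
]

if __name__ == "__main__":
    docs = [d for d in map(parse_line, SAMPLE_LINES) if d]
    print(to_bulk_body(docs, "home-logs"))
```

The bulk body can be POSTed to `/_bulk` with `Content-Type: application/x-ndjson`; in the posts themselves this transport and the parsing are handled by syslog-ng, so treat the script as a way to check what your parsers should produce, not as a replacement for them.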