We already have a central log server where we can collect logs of Docker containers. It is very common to run web servers running in containerized ecosystems. In this tutorial I show you how you can parse access logs of NGINX or Apache with syslog-ng. I also describe how visualizing NGINX access logs in Kibana can be achieved.
This simplified guide to logging Docker to Elasticsearch shows you how to send logs of containers into Elastic. Although there are many tutorials on to logging Docker to Elasticsearch, this one is different from all as it uses syslog-ng. Visualize them on a nice dashboard in Kibana. And you can download it all at the end of the post!
Update: I moved the chapters about parsing and visualizing NGINX / Apache access logs in Kibana into a dedicated post / github repo.
Your home network might already contain some devices or systems like a home server, a WiFi router, a media player, or home automation system. It is a best practice creating a central syslog server and storing logs of various sources in one place.
Update: The fail2ban and GeoIP related contents have been merged into post visualizing Fail2ban logs in Kibana.
This post will cover the basics. Creating a central log server and receiving logs from an OpenWRT device. Please note that you can do many more. See the other posts I created in this subject.
- Storing local logs of host operating system,
- Storing logs from OpenWRT based network devices,
- Parsing Fail2ban logs to get GeoIP data,
- To logging Docker to Elasticsearch,