If you think graylog only responsible for a management tool for log collection, it would be too young too naive. Log collection is only the most basic of graylog usage, graylog have a lot of practical usage of advanced data cleaning and processing.
I start from this period will come to tell you something about graylog advanced usage, this time to talk about how to get nginx log source IP location information Geoip library Levin
- Obtain location information of the source IP
(1) In the navigation bar System / the Configurations -> Geo-the Location Processor , click the update button
(2) Click Enable Geo-Location processor box, fill in the file path to the Path to the MaxMind database text box
(3) execute the script, download MaxMind of geoip database server to graylog
#!/bin/bash cd /etc/graylog/server/ &&\ wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz &&\ gunzip GeoLite2-City.mmdb.gz test -f /etc/graylog/server/GeoLite2-City.mmdb &&\ service graylog-server restart
(4) Click the navigation bar Search , View nginx related logs, you can find graylog has been automatically generates location information of the source remote_addr
