cat /etc/nginx/graylog.conf
log_format graylog_json escape=json '{ "timestamp": "$time_iso8601", '
'"remote_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent", '
'"http_version": "$server_protocol" }';
access_log syslog:server=logs.newsite.com:5046 graylog_json;
error_log syslog:server=log.newsite.com:5047;В конфиге nginx в секции http { } указываем:
include /etc/nginx/graylog.conf;В грейлоге создайте инпуты Syslog UDP и измените logs.newsite.com:5046 и logs.newsite.com:5047 на свой сервер и порт.