Questions tagged [graylog]

Graylog is a full-featured open source log management solution.

88 questions
2 votes, 0 answers

Keepalived forwarding UDP traffic to one node via NAT

I am having issues with load balancing UDP Syslog to my Graylog cluster nodes. At first everything seemed to work normally, but it seems that 99% of the traffic is flowing to one of the two nodes. I have two Ubuntu servers (18.04) running Keepalived…
Robert
2 votes, 1 answer

Server currently unavailable for Ubuntu 16.04

Background I have an Ubuntu 16.04 clean VM, and I am trying to install the latest version of graylog on it. Unfortunately, it is failing. What did I do? First I created a clean VM with the aforementioned OS. Then I followed the official…
Flame_Phoenix
2 votes, 2 answers

Graylog: Fields from Pipeline rule not showing up in search data

I'm trying out Graylog for system logs and Snort alerts. I've followed the example here to get my snort alerts into Graylog and then proceeded to add another Stream, Pipeline and Rule for a separate IDS log source. I basically copied the Snort…
Server Fault
2 votes, 3 answers

Forwarding logs from rsyslog to graylog over tls

I'm trying to forward logs from rsyslog to graylog over tls. rsyslog configuration: # make gtls driver the default $DefaultNetstreamDriver gtls # # # certificate files $DefaultNetstreamDriverCAFile…
Zombaya
2 votes, 2 answers

How to securely send logs from your application?

I am currently setting up logging with graylog for my system and have a problem: the logs can potentially contain sensitive information. The standard behaviour is to send the logs unencrypted via UDP to prevent the application from blocking. Is…
mryvlin
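As an added example, not part of the question above and not Graylog's own code: a Python sender that replaces the plain-UDP path with GELF over TLS-wrapped TCP, and keeps the application thread from blocking by handing frames to a background thread through a bounded queue that drops when full. The Graylog host, port and CA bundle path are placeholders; it assumes a Graylog "GELF TCP" input with TLS enabled on that address.

```python
"""GELF over TLS instead of plain UDP. Added example; GRAYLOG_HOST,
GRAYLOG_PORT and CA_FILE are placeholders, not values from the question."""
import json
import queue
import socket
import ssl
import threading
import time
from typing import Any, Dict, Optional

GRAYLOG_HOST = "graylog.example.internal"   # placeholder
GRAYLOG_PORT = 12201                        # placeholder (Graylog's conventional GELF port)
CA_FILE = "/etc/ssl/certs/internal-ca.pem"  # placeholder: CA that signed the input's certificate


def build_gelf(short_message: str, host: str, level: int = 6,
               extra: Optional[Dict[str, Any]] = None,
               timestamp: Optional[float] = None) -> bytes:
    """Encode one GELF 1.1 message framed for the TCP transport.

    Additional fields get the '_' prefix GELF requires; '_id' is reserved and
    rejected. GELF over TCP delimits messages with a NUL byte, which json.dumps
    can never emit (control characters are escaped), so the delimiter is safe.
    """
    msg: Dict[str, Any] = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": level,
    }
    for key, value in (extra or {}).items():
        name = "_" + key.lstrip("_")
        if name == "_id":
            raise ValueError("_id is reserved in GELF")
        msg[name] = value
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\x00"


def parse_gelf_frame(frame: bytes) -> Dict[str, Any]:
    """Inverse of build_gelf; used to check the framing, not needed by a client."""
    if not frame.endswith(b"\x00"):
        raise ValueError("missing NUL delimiter")
    return json.loads(frame[:-1].decode("utf-8"))


def make_tls_context(ca_file: str) -> ssl.SSLContext:
    """Verify the server certificate against our CA and check the hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def new_queue(maxsize: int = 1000) -> "queue.Queue[Optional[bytes]]":
    """Bounded hand-off between the application and the sender thread."""
    return queue.Queue(maxsize=maxsize)


def enqueue(q: "queue.Queue[Optional[bytes]]", frame: bytes) -> bool:
    """Non-blocking: returns False (and drops the message) when the queue is
    full, so a slow or unreachable Graylog never stalls the caller."""
    try:
        q.put_nowait(frame)
        return True
    except queue.Full:
        return False


def sender_loop(q: "queue.Queue[Optional[bytes]]", host: str, port: int,
                ctx: ssl.SSLContext, timeout: float = 5.0) -> None:
    """Worker thread: one TLS connection, stream frames until a None sentinel.
    Reconnection on failure is left out to keep the example short."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            while True:
                frame = q.get()
                if frame is None:
                    return
                tls.sendall(frame)


if __name__ == "__main__":
    q = new_queue(1000)
    worker = threading.Thread(
        target=sender_loop,
        args=(q, GRAYLOG_HOST, GRAYLOG_PORT, make_tls_context(CA_FILE)),
        daemon=True,
    )
    worker.start()
    enqueue(q, build_gelf("user login", "app01", extra={"user": "alice"}))
    q.put(None)
    worker.join(timeout=10)
```

The queue bound is the knob that replaces "fire and forget" UDP: you choose between losing messages under backpressure (drop when full) and blocking the application (use `q.put` instead of `put_nowait`); what you no longer have is sensitive fields in cleartext on the wire.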
2 votes, 1 answer

Graylog extractor for comma separated key value pairs

I think I'm just not understanding or missing a core concept of graylog and its extractors. I just want to take my key value pairs that are comma delimited and break them out into respective fields. Sample Log Message 2016-01-22 18:04:05,639 -…
The Digital Ninja
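An added example, not from the question above and not a Graylog extractor, showing the split the question asks for in plain Python: a prefix regex peels off the timestamp and level first, then a key=value regex walks the remainder. The sample line is constructed to match the timestamped shape quoted in the question; note that its millisecond separator is itself a comma, which is why splitting the whole line on commas fails before the first pair is reached, and the pair regex also lets a double-quoted value carry a comma.

```python
"""Parse comma-delimited key=value pairs out of a timestamped log line.
Added example; SAMPLE_LINE is constructed, not taken from the question."""
import re
from typing import Dict

# Constructed sample in the "YYYY-MM-DD HH:MM:SS,mmm - LEVEL - pairs" shape.
SAMPLE_LINE = (
    '2016-01-22 18:04:05,639 - INFO - '
    'user=alice, action=login, src_ip=10.0.0.5, msg="session started, via vpn"'
)

# Timestamp (with its comma before the milliseconds), level, then the rest.
PREFIX_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
    r" - (?P<level>[A-Z]+) - (?P<rest>.*)$"
)

# key=value where value is either double-quoted (may contain commas and
# backslash-escaped quotes) or bare (runs up to the next comma).
PAIR_RE = re.compile(
    r'(?P<key>[A-Za-z_][A-Za-z0-9_.]*)='
    r'(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<bare>[^,]*))'
)


def parse_kv_pairs(text: str) -> Dict[str, str]:
    """Return the key=value pairs in text as a dict (last duplicate wins)."""
    fields: Dict[str, str] = {}
    for m in PAIR_RE.finditer(text):
        if m.group("quoted") is not None:
            value = m.group("quoted").replace('\\"', '"')
        else:
            value = m.group("bare").strip()
        fields[m.group("key")] = value
    return fields


def parse_line(line: str) -> Dict[str, str]:
    """Split a full log line into timestamp, level and its key=value fields."""
    m = PREFIX_RE.match(line)
    if not m:
        raise ValueError("line does not match the expected prefix format")
    fields = {"timestamp": m.group("timestamp"), "level": m.group("level")}
    fields.update(parse_kv_pairs(m.group("rest")))
    return fields


if __name__ == "__main__":
    for key, value in parse_line(SAMPLE_LINE).items():
        print(f"{key} = {value!r}")
```

Unquoted values that themselves contain a comma are ambiguous in this format and are split by design; if the producer cannot quote them, the pair regex has to be narrowed to the producer's actual value syntax instead.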
2 votes, 1 answer

Forward pfsenselogs to graylog

I was wondering if it is possible to forward pfsense logs (including snort) to a graylog2 server? And how can this be accomplished?
2 votes, 1 answer

How to forward arbitrary files to graylog2 with rsyslog

I have some random files that I would like to collect and forward to my logging server. These are applications that don't really support GELF, so I am trying to forward these files with rsyslog: # Apache access log input(type="imfile"…
Goro
2 votes, 1 answer

How much of hardware resource is required for Graylog2?

We've mounted a graylog2 dedicated server (with a rails unicorn, mongodb and elasticsearch) on a virtual machine with 2 GB of RAM a couple of days ago. RAM consumption just keeps climbing; I am getting high-consumption alerts quite frequently. I'm…
Raphael
2 votes, 1 answer

Disk / system configuration for log collection / syslog server

I am looking into building a syslog / logging infrastructure and am pondering about some architecture best practices. Essentially, I see that a syslog system needs to support two conflicting workloads: log collection. Potentially massive streams of…
Konrads
2 votes, 1 answer

Fixing severity on graylog2 web interface

I am using logstash to collect logs from a group of webapps and send them to graylog2 for centralized viewing. I have the following filter for tokenizing: grok { type => "webapps" pattern => "^%{TIME:timestamp}…
Lee Lowder
2 votes, 4 answers

Centralising Logfiles - Sending via TCP, versus SAN replication?

We have several (20+) application servers spread across multiple data-centres. We need to centralise the logfiles and monitor them from a single box. Requirements: Large logfiles, in the order of 5-10 Gb per day, per application - so there could be…
victorhooi
2 votes, 1 answer

When to use a new index in Graylog (Elasticsearch)?

I have been searching for days now to find a good explanation on how indices are used by Graylog/Elasticsearch and when to create a new one. There is a lot of info about sharding indices but not much about the indices themselves apart from that they…
Holly
1 vote, 0 answers

Graylog correlation rules original messages

I’m using Graylog V3.1.2 with an enterprise plugin. I created a correlation rule that triggers alert whenever two events occur. When I’m looking at the “All events” stream and find the correlation event in the origin_context property I’m getting…
Tomer
1 vote, 0 answers

syslog udp load balancing and failover with keepalived

I have a simple two-host graylog cluster for which I need to load balance UDP syslog traffic. I'm using keepalived; the floating IP and load balancing work perfectly, but it still directs traffic to all nodes, even those on which the healthcheck failed. I…
maniel