Comments on How to Monitor Log Files with Graylog2 on Debian 9

Graylog is a free and open source log management tool based on Java, Elasticsearch and MongoDB that can be used to collect, index and analyze any server log from a centralized location. With Graylog you can easily monitor SSH logins and unusual activity, and use the collected logs to debug applications.

Comments

By: Tomas

How about MongoDB authentication? Do you think it's OK to allow unauthenticated connections to the database?

By: Martin Shaffer Levac

Maybe mention in the prerequisites a minimum disk capacity.

Having followed the procedure on a very minimal specs' VM template, I adjusted to comply with your prerequisites but fell short on disk space within minutes after starting Graylog with my 8GB disk.

Thank You!

By: Rob Burton

Hi, thanks for the tutorial! Is there another centralized log management system like NXLog https://nxlog.co/products/nxlog-community-edition - which provides high performance and can even scale to thousands of servers?

By: Martin

Some of the items you specifically ask us to set in /etc/graylog/server are commented out, should we uncomment those?

By: diablo666

The sending log format is not correctly interpreted by Graylog:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 8514
$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
*.* @192.168.0.187:8514;GRAYLOGRFC5424

I'm not sure $UDPServerRun 8514 is really necessary... Anyway, I've used this syntax, working like a charm:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 8514
*.* @192.168.0.187:8514;RSYSLOG_SyslogProtocol23Format
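
Added example (not part of the comments above or of the tutorial): a small Python check of the RFC 5424 header layout, run over constructed sample lines shaped like the two templates in the last comment. The sample lines, the host and user names in them, and the function name `parse_rfc5424` are assumptions made for illustration; rsyslog's built-in `RSYSLOG_SyslogProtocol23Format` emits the `<PRI>`, MSGID and STRUCTURED-DATA fields, which the custom template string does not contain.

```python
import re

# RFC 5424 header layout:
# <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<hostname>\S{1,255}) (?P<app_name>\S{1,48}) (?P<procid>\S{1,128}) "
    r"(?P<msgid>\S{1,32}) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)

# Constructed sample lines (not captured traffic).
# Shape produced by the custom GRAYLOGRFC5424 template: no <PRI>, no MSGID, no STRUCTURED-DATA.
CUSTOM_TEMPLATE_LINE = "1 2018-03-01T10:15:30+01:00 web01 sshd 2211 Accepted password for admin\n"
# Same line with <PRI> added but MSGID and STRUCTURED-DATA still missing.
PRI_ONLY_LINE = "<38>1 2018-03-01T10:15:30+01:00 web01 sshd 2211 Accepted password for admin\n"
# Shape produced by RSYSLOG_SyslogProtocol23Format: full header, "-" for empty fields.
BUILTIN_LINE = "<38>1 2018-03-01T10:15:30+01:00 web01 sshd 2211 - - Accepted password for admin\n"


def parse_rfc5424(line):
    """Return the header fields as a dict, or raise ValueError naming the first problem."""
    line = line.rstrip("\n")
    if not line.startswith("<"):
        raise ValueError("missing <PRI> at start of line")
    match = RFC5424.match(line)
    if match is None:
        raise ValueError("header fields do not match the RFC 5424 layout")
    fields = match.groupdict()
    pri = int(fields["pri"])
    if pri > 191:  # 23 facilities * 8 + severity 7
        raise ValueError("PRI out of range")
    # PRI = facility * 8 + severity
    fields["facility"], fields["severity"] = divmod(pri, 8)
    return fields


if __name__ == "__main__":
    for name, sample in [("custom", CUSTOM_TEMPLATE_LINE),
                         ("pri-only", PRI_ONLY_LINE),
                         ("builtin", BUILTIN_LINE)]:
        try:
            f = parse_rfc5424(sample)
            print(name, "OK facility=%d severity=%d msg=%r" % (f["facility"], f["severity"], f["msg"]))
        except ValueError as err:
            print(name, "REJECTED:", err)
```
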