Graylog: Your Comprehensive Guide to Getting Started with Open Source Log Management

My Graylog 5 Forum Post with commands


⏱️ Time Stamps ⏱️
00:00 What is Graylog
01:47 Graylog Docker Setup
03:35 How To Set Graylog Admin password
04:05 Graylog Docker Compose Variables
05:28 Storing Logs on External Mount
07:17 How To Set Up Email in Graylog
08:38 Defining Input Ports in Docker
10:01 Managing Graylog with Docker
11:27 How Graylog Parses Data
12:56 How to Send Logs From pfSense to Graylog
13:28 Creating Users
14:11 Creating Inputs
15:29 Creating Extractors
18:24 Creating Graylog Indices
19:59 Creating Graylog Streams
21:52 Graylog Alerts and Notifications

#opensource #logging #graylog
Comments

Ubuntu redirecting Apt Get commands to Snap Install is so dishonest. Want to promote snap, fine. Lying to the user should not be tolerated.

keyboard_g

So Tom really just made the video to get his shirt fixed. I knew he didn't just make videos for education alone! 😂

Zaf

Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256sum for the password - this stops the password being visible in that user's history. Minor thing but I've heard of history files being a juicy target like this.

davocc
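Picking up davocc's tip about shell history: the leading-space trick only works when bash's HISTCONTROL contains ignorespace (Ubuntu's default .bashrc sets ignoreboth), and a password typed on the command line is also visible to anyone who can list processes. The script below is an added example, not from the video, the forum post or the Graylog project. It reads the password with terminal echo disabled, hashes it with the same SHA-256 digest the video pastes into GRAYLOG_ROOT_PASSWORD_SHA2, and never places the plaintext in a command line. The helper names (`sha256_hex`, `hash_first_line`, `prompt_password_hash`) and the `GRAYLOG_PW_PROMPT` switch are this example's own; it assumes coreutils `sha256sum` or Perl `shasum` is installed.

```shell
#!/usr/bin/env sh
# Added example: produce the SHA-256 hex digest Graylog expects for its admin
# password without the plaintext ending up in shell history or in `ps` output.
# Assumes sha256sum (coreutils) or shasum (Perl) is available on PATH.

# sha256_hex: hash stdin exactly as given and print only the lowercase hex digest.
# Note that a trailing newline changes the digest, which is why the video's
# one-liner needs `echo -n`; hash_first_line below removes that footgun.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# hash_first_line: take the first line of stdin, strip CR/LF, and hash it.
# Safe to feed from a file or pipe that ends with a newline.
hash_first_line() {
    head -n 1 | tr -d '\r\n' | sha256_hex
}

# prompt_password_hash: interactive path. Echo is switched off with stty so the
# password is not shown, never appears in a command line, and is never written
# to history. printf is a shell builtin, so no child process sees the value.
prompt_password_hash() {
    printf 'Enter Graylog admin password: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r pw
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$pw" | sha256_hex
}

# Only prompt when explicitly asked, so the file can be sourced for its functions.
# Usage: GRAYLOG_PW_PROMPT=1 sh hash-graylog-password.sh
if [ "${GRAYLOG_PW_PROMPT:-0}" = "1" ]; then
    prompt_password_hash
fi
```

Paste the printed digest into GRAYLOG_ROOT_PASSWORD_SHA2 in the compose file. If you still prefer the one-liner from the video, confirm `echo $HISTCONTROL` shows ignorespace or ignoreboth before relying on the leading space, and remember that the compose file itself now holds a password-equivalent hash and deserves restrictive file permissions.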

I'd really like to use it, but the fact that "log view" is behind the enterprise version paywall is just insane.
I will stay with Grafana Loki, as logs are just so much easier to read there. Such a shame for homelab users like me.

ChrisHolzer

Tom, thank you. This is what makes you stand out. You don't only explain how but also why. So many people now write a guide only on the how.

richardahlquist

I have been a Linux admin for about as long as Linux admins have been a thing, but I have managed to avoid Docker for some reason. I saw that this was on Docker and it was a project I wanted to try... my first instinct was "No, find the source", but I decided to give it a shot.
Thanks for making this really easy.

ketatgenhorst

But 1514 is unencrypted, right? I mean, syslog data is being sent "naked"? That means the network connection should be trustworthy, like a separate VLAN or something?

domantlen

Great guide, thanks for the info. Tip for those who use Proxmox as a VM host: put your CPU in Host mode, as otherwise MongoDB will not work.

thorismud

Maybe I missed it, but I don't think you mentioned the pros/cons of installing via Docker instead of a "normal" install. I'd also be interested in your opinion on Graylog vs Loki/Grafana. Also, you're using OpenSearch, and I think Elastic was my only option when I set this up, and I'm not a fan of Elastic -- I would be interested in hearing why you chose OpenSearch. I have Graylog running in a Proxmox VM that I set up years ago. I struggled to get it set up and configured; I have some ongoing issues where some feeds have accurate times and others have their timestamps in a different timezone, but it feels like such a headache to configure as a hobbyist who doesn't work with it daily. I know there's a lot more I could be getting out of it, but right now it basically sits as a "well, if something goes terribly wrong I can search Graylog" and that's about the extent of the value I get from it. I'm thinking about switching to Loki/Grafana in the hope that the config is easier for someone who doesn't interact with it daily, where currently any changes I want to make mean I'm going to spend hours researching the syntax or formatting for Graylog. It's 100% lack of familiarity on my part combined with user error, but the thought of having to make changes to Graylog gives me a headache.

beepboopbeepboop

Hello Tom!

I managed to set this up just like you. I use version 5.1.

Is there a guide, or is there a way you can help me set up the SSL certs so I can use HTTPS?

peturdimitrov

7:30 How does one sign up for MailHop? Looks like their website is just a page stating there's no website. 😅

Runegar

14:08 you could note that a new user with their own timezone will see logs with the corrected time, and note the difference from what the admin sees in UTC.
This video is better than the previous one. Good job, and I hope you create a video about extractors.

SiBex_ovh

One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (OpenSearch). If you try to use docker-compose to store the data on an NFS volume, the container fails to launch, as it seems the image is trying to run chown on the data storage directory, which I guess NFS doesn't allow.

rpungello

Having multiple issues with docker compose erroring on the depends_on section of the YAML. The first error is that it needs to be an array, and then that the values need to be a string. Any ideas?

mode

Fantastic tutorial, Tom. I'd love to see how to bring in pfBlocker logs into Graylog.

moelassus

I did this as an assignment a few months before I graduated. I did not set it up on my own server at the time. Thanks for making this video!

NameThievery

Is there a way to set this up over HTTPS? I want Graylog itself to have the HTTPS cert.

josh-rxly

Haven't watched the video YET.... But love the "tutorial" image on the thumbnail. Nice touch!

mt_kegan

Thanks for the recommendations! It was a bit finicky, but I got it running on my Proxmox cluster and it is ingesting logs from the XigmaNAS box now! Nice to have logs I can search instead of losing them on reboot. Anyone else going through the install, make sure you set the CPU up to at least x86_64_v3 for the instruction set for MongoDB. Took me a bit to find the error.

derekp

Thanks. I'm using Graylog, but your video showed some great ways to modify it.

And love the glasses look!

eduitguy