All Questions
93 questions
Score of 0
0 answers
91 views
Why Graylog does not receive some security Windows logs
I collect logs from my Windows servers to Graylog. NXlog community edition is installed on my servers and it sends logs to Graylog. I see all of them, but it is weird that some security logs are not ...
Score of 0
0 answers
118 views
messages gone after migration from opensearch to datanode
Environment:
Docker compose (Graylog 6.3 / Mongo 6.0.14)
migration from Opensearch 2.15 to Datanode 6.1 (documentation)
update from 6.1 to 6.3
I followed the documentation to migrate from ...
Score of 0
1 answer
718 views
Docker-compose rsync backup
I recently started working with docker-compose, and I'm currently in a situation where I need to upgrade the VM server. Unfortunately, I don't have access to the snapshot/restore option for certain ...
Score of 2
2 answers
360 views
How do we prevent accidental Graylog denial of service problems without multiple graylog instances?
Our original problem
Last year we had a problem where a rogue piece of software on one server spammed our central Graylog Server with so many messages that it caused problems for other applications.
...
Score of 1
0 answers
118 views
Kafka not stopping consumers when deleting group
I am sending logs from Logstash as the producer to Kafka and then consuming them from Graylog. This works as expected.
However, when stopping the Graylog input, thus sending a LeaveGroup request, the ...
Score of 0
1 answer
647 views
Stop filebeat sending copious metadata
I am sending data from local log files with filebeat to graylog and I am getting a 20x storage overhead compared to the original files. There are a large amount of metadata fields however I can't seem ...
Score of 1
0 answers
102 views
Certificate only works from client side, how do I debug something like this? (graylog/filebeat/JVM keystore)
I created 2 key-certificate pairs with the exact same method. However, while trying to set up TLS on my graylog server to a remote filebeat node, it does not successfully connect when trying to connect ...
Score of 0
1 answer
171 views
Multiple logging managers for different services, or one with multiple databases (graylog)
I am creating a logging infrastructure for a company with 2 unrelated services. Is it better to have:
a single graylog instance that routes the logs from the two services to different elasticsearch ...
Score of 1
1 answer
154 views
Handle 150 req/s and 2TB of logs for 7 days of retention available by API
I would like to get advice from experienced people to build an HA infrastructure to log 2 TB of data in JSON format every week.
I need to have a retention time of 7 days and need to be able to request ...
Score of 0
1 answer
611 views
Graylog - data from newest index not returned on search
I have a Graylog server (newest version) collecting data from nginx. It's been running for a while. I retrieve the collected data by querying my Elasticsearch cluster (v7 newest version) which ...
Score of 0
1 answer
487 views
Does remote logging stop local logging
I'm using a Graylog server to centralize logs from network equipment and servers and I'm wondering if the Syslog service on the switches, Windows machines, and other equipment, that service still ...
Score of 1
0 answers
533 views
Installing Graylog with Nxlog collector on a Windows DC: no service installed
I'm trying to install a NxLog collector on a Graylog client machine. The Graylog and associated infra (elastic and mongodb) is running just fine.
The install client is a Windows Server 2019 DC ("...
Score of 0
1 answer
804 views
Graylog Email Alert Password Not Working?
I recently changed my gmail password and changed the password in server.conf as well, but now graylog's email alerting fails with:
Sending the email to the following server failed : smtp.gmail.com:587 ...
Score of 1
1 answer
510 views
graylog 4.0 - Injector could not be created
Trying to set up graylog with official graylog2.graylog ansible role.
Installed Elasticsearch (v7.10.2) cluster on three separate servers with official elasticsearch ansible role (node_1 - master, ...
Score of 0
1 answer
770 views
Graylog fails to parse nginx access_log: JsonParseException: Unexpected character ('<' (code 60))
I've followed https://github.com/ronlut/graylog-content-pack-nginx-docker and Send NGINX logs to Graylog to try to get nginx logs into a graylog 4.1.5 server. Graylog is not displaying messages ...