My Graylog 5 Forum Post with commands
lawrence.video/graylog5
Do you know of a way to get the Wazuh 4.4.1 docker deployment (using their cert generator) running alongside Graylog 5.0?
@fxdtech I do not.
@LAWRENCESYSTEMS Thank you for your reply man! Do you know where you could possibly point me in the right direction? I have been chasing my tail; any insight would be greatly appreciated.
@fxdtech I don't use it so I don't know
Quick Question: What shell is that? I like the wrapping around for the command.
Tom, thank you. This is what makes you stand out. You don't explain only the how but also the why. So many people now write a guide only on the how.
I would vote that once the technology exists and is safe, we clone Tom first!
I have been a linux admin for about as long as linux admins have been a thing, but I have managed to avoid Docker for some reason. I saw that this was on docker and it was a project I wanted to try... my first instinct was "No, find the source" but I decided to give it a shot.
Thanks for making this really easy.
Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256 sum for the password - this stops the password from being visible in that user's history. Minor thing, but I've heard of history files being a juicy target like this.
Yeah, good point for sure. Running through the bash history is a great info gathering technique.
@LAWRENCESYSTEMS I think I learned that method on your channel actually, you guys are doing God's work here that's for sure
Great tip, as I was wondering how to avoid that opsec issue after looking at my history
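The exchange above is about keeping the password out of the shell history when computing the SHA-256 that Graylog's `root_password_sha2` setting expects (the digest of the bare password, no trailing newline). The following is an added example of mine, not code from the video or from Graylog's documentation: it reads the password with echo turned off and hashes it from stdin, so the cleartext is never an argument that `~/.bash_history` or `ps` could record, and it includes a check for the `HISTCONTROL` value the leading-space trick depends on. It assumes either `sha256sum` (coreutils) or `openssl` is installed; the `admin` test vector is the default password used in the video.

```shell
#!/bin/sh
# Added example (not from the video or Graylog's docs): produce the value for
# root_password_sha2 without the cleartext ever appearing on a command line,
# so it reaches neither ~/.bash_history nor the process list.
set -eu

# Hex SHA-256 of stdin exactly as given. No newline is appended here; Graylog
# expects the digest of the bare password, hence printf '%s' in the callers.
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum | awk '{print $1}'
  else
    openssl dgst -sha256 | awk '{print $NF}'
  fi
}

# Interactive path: prompt with terminal echo off, then pipe the secret into
# the hash. The secret only ever lives in a shell variable, never in argv.
# (Works non-interactively too: the test feeds the password on stdin.)
hash_password_prompt() {
  pw=
  printf 'Password: ' >&2
  if [ -t 0 ]; then stty -echo; fi
  IFS= read -r pw || :            # tolerate missing trailing newline at EOF
  if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
  printf '%s' "$pw" | sha256_hex
  unset pw
}

# Known vector: the default "admin" password from the video.
hash_of_admin() {
  printf '%s' 'admin' | sha256_hex
}

# The leading-space trick in the comment only works if HISTCONTROL contains
# ignorespace (or ignoreboth). Pass "$HISTCONTROL" to check before relying on it.
history_ignores_space() {
  case ${1:-} in
    *ignorespace*|*ignoreboth*) return 0 ;;
    *) return 1 ;;
  esac
}

# Typical use: paste the output into GRAYLOG_ROOT_PASSWORD_SHA2 (or
# root_password_sha2) rather than running `echo -n 'secret' | sha256sum`.
# hash_password_prompt
```

Reading the secret from stdin is the more robust fix than relying on `HISTCONTROL`: the leading space only helps in shells configured to honour it, while a value that is never placed in a command line has nothing to leak in the first place.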
Great guide, thanks for the info. Tip for those who use Proxmox as VM host: put your CPU in Host mode, as otherwise MongoDB will not work.
I did this as an assignment a few months before I graduated. I did not set it up on my own server at the time. Thanks for making this video!
Must have paused and rewound the video about 100 times but got my pfsense logs flowing to a graylog testbed as per this video. Requested a login acct as "mark" on your Forum to post some further questions.
Great video.
So Tom really just made the video to get his shirt fixed. I knew he didn't just make videos for education alone! 😂
Graylog will probably just send him a patch.
And an excellent exchange of about 20 hours to make the video in exchange for a shirt, too
This was great. Thank you Lawrence for taking the time to do this for us. I for one am adding this to the list of things to build this weekend.
14:08 you could note that a new user with their own timezone will see logs with the corrected time, and note the difference from what the admin sees in UTC.
This video is better than the previous one. Good job, and I hope you create a video about extractors.
And where do you have extractors for UniFi?
Thanks for the updated tutorial! I set up Graylog using docker compose a few months back, and followed the old video for the in-app setup part. It's great for folks to have an up-to-date version of the instructions. For anyone looking to set this up - inevitably some servers will disagree about the timezone, so even if you set your user and timezone correctly, it's worth having a pipeline that can adjust a source between UTC and local time.
I'm just guessing but maybe making sure the timezone set in the docker compose environment variable matches that of the server docker is running on is a good place to start. :)
I'd really like to use it, but the fact that "log view" is behind the enterprise version paywall is just insane.
I will stay with Grafana Loki, as logs are just so much easier to read there - such a shame for homelab users like me.
Fantastic tutorial, Tom. I'd love to see how to bring in pfBlocker logs into Graylog.
Great quick tutorial! However the part I am most struggling with is the connection between inputs, streams, indices and extractors. A comprehensive overview of the architectural model of Graylog would be much appreciated.
I was literally about to go over your previous video for exactly this. Great video as always! Thanks Tom!
Ubuntu redirecting apt-get commands to snap install is so dishonest. Want to promote snap? Fine. Lying to the user should not be tolerated.
One of the reasons I moved all my servers to debian
@@cranil This is the way. Moving to community based distros is going to be the way to go for a lot of people
Thanks. Using Graylog, but your video showed some great ways to modify it.
And love the glasses look!
Thank you Tom , awesome video ... graylog looks very interesting as a centralized logging solution
Strange, last night I finally got around to starting work on testing a Graylog server. Noticed your instructions were for V4, and decided I would get the docker image working today. Now look at this! What timing.
Thank you for making this video. I know we all copy and paste at times for expediency. However, to recommend that users do this, in a video, may enforce dangerous behaviors. Should people just have common sense and read the commands before they paste them? Yes, of course. But, hey, that's what we have disclaimers for. "If you feel confident in my instructions, and you are running this in a development environment, you can go ahead and copy and paste these commands into your terminal." Obviously, if your hat is really, really dark, making people dumber is obviously a worthwhile goal.
Haven't watched the video YET.... But love the "tutorial" image on the thumbnail. Nice touch!
Thanks for the great tutorial! I would be interested in a discussion about Sentry - an open source tool for catching unhandled exceptions, collecting related context data and alerting the developers. It seems that some of this logic can be implemented with Graylog, and I was wondering whether it makes sense to use both systems, or if one would suffice.
Just what I needed! Thanks Tom for all your hard work.
Maybe I missed it, but I don't think you mentioned the pros/cons of installing via docker instead of a "normal" install. I'd also be interested in your opinion on Graylog vs Loki/Grafana. Also, you're using OpenSearch, and I think Elastic was my only option when I set this up, and I'm not a fan of Elastic - would be interested in hearing why you chose OpenSearch. I have Graylog running in a Proxmox VM that I set up years ago. Struggled to get it set up and configured; I have some ongoing issues where some feeds have accurate times and others have their timestamps in a different timezone, but it feels like such a headache to configure as a hobbyist who doesn't work with it daily. I know there's a lot more I could be getting out of it, but right now it basically sits as a "well, if something goes terribly wrong I can search Graylog" and that's about the extent of the value I get from it. Thinking about switching to Loki/Grafana in the hopes the config is easier for someone who doesn't interact with it daily, where currently any changes I want to make mean I'm going to spend hours researching the syntax or formatting for Graylog. It's 100% lack of familiarity on my part combined with user error, but the thought of having to make changes to Graylog gives me a headache.
Docker is easier to use and maintain for Graylog, the Elastic licence changes as I understand them make OpenSearch a better choice, and Loki looks much more complicated to configure.
@LAWRENCESYSTEMS Thanks Tom! I found Graylog's YouTube channel has a video on migrating from Elastic to OpenSearch, so it looks like that might be in my future. Sounds like my hopes on Loki won't likely pan out then haha.
TOM IS BACK WITH THE GOODS!
Very useful video, THX Lawrence .
super awesome video, I'm a huge fan of graylog.
Finnnnnnalllly the notification I’ve been waiting for
@Lawrencesystems Tom, have you used the SIEM product (Graylog Security) before? I'm interested in a platform like that to help with cyber threats. Do you have any other suggestions as far as a SIEM log platform?
We use Blumira th-cam.com/video/5dytu5YW0LY/w-d-xo.htmlsi=LmRTQTgeaT-4otYk
Very cool video! I'll definitely be watching it! If I may make a request for another video: could you do one on Fluentbit/Fluentd? (I never know what to call it). It's always been such a headache for me to get back into the config logic once something decides to break again, but it's otherwise been working so perfectly for us! I'd love to see your take on it and see if I missed anything.
So an index is just a way to do high level categorizing/grouping of data sets/sources?
Great tutorial, I see the workflow and what it can do.
Great video, good job
This is really nice. Thanks for sharing.
Thanks for the recommendations! Was a bit finicky, but got it running on my Proxmox cluster and ingesting logs from the XigmaNAS box now! Nice to have logs I can search instead of losing them on reboot. Anyone else going through the install, make sure you set the CPU up to at least x86-64-v3 for the instruction set for MongoDB. Took me a bit to find the error.
One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (opensearch). If you try and use docker-compose to store the data on an NFS volume, the container fails to launch as it seems the image is trying to run chown on the data storage directory, which I guess nfs doesn't allow.
I have the exact same problem. Did you ever fix? Are you using TrueNAS to serve the NFS? I am- I believe the solution is either dataset permissions or the NFS share mapping. Have read a bunch on NFS permissions and I cannot seem to figure this out.
@charlescc1000 I never did, no, but I didn't spend a ton of time trying as it wasn't that critical. I suspect the best approach would be to tweak the docker image so it doesn't try and fiddle with ownership/permissions.
Great video! I would love to see a comparison of Graylog and ELK stack.
I don't think ELK Stack is open source anymore, and I don't use it, so not likely to happen.
I thought we should not install and use docker-compose anymore, but use the docker compose command in the newer versions of docker?
But 1514 is unencrypted, right? I mean the syslog data is being sent "naked"? That means the network connection should be trustworthy, like a separate VLAN or something?
In the demo I was sending logs unencrypted to that port. Graylog supports some encrypted protocols for logs, but not all devices support sending them.
Amazing information. Thanks!
How can I setup Graylog cluster with High Availability and scalable?
go2docs.graylog.org/5-0/setting_up_graylog/multi-node_setup.html
Having multiple issues with docker compose erroring on the depends_on section of the YAML, first error is needs to be an array and then values need to be a string, any ideas ?
my exact problem ... did you manage to sort the array thing?
This was a great tutorial, Thank you. Do you know if its possible to have Graylog record information on each of the TCP sessions from PFsense firewall, for example, how many bytes sent/received for each TCP session, and if the TCP session ended with FIN or RST ?
Maybe with netflow, I have not tried.
7:30 How does one sign up for MailHop? Looks like their website is just a page stating there's no website. 😅
Really great video, thank you. Very clear, detailed and, last but not least, useful.
I was getting some "depends_on" errors when trying to run the docker-compose
I fixed it by using "docker compose" instead of "docker-compose" command
Thank you! I was having the same problem.
thank you much man.
I've more than 25 docker containers running on a few different VMs; I'm no expert in docker, but not really a newbie either.
But starting Graylog? I just can't do it.
The way they implemented the $USER is beyond my understanding.
Keep getting stuck at this error when Graylog is starting:
ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!
(And yes, it exists, and it is mapped correctly.)
I've tried to set user variables, tried to change the mounted directory ownership directly to 1100:1100.
I've tried with other versions of docker-compose.
Tried also changing the owner to docker:docker.
Executed multiple times that "sudo usermod -aG docker $USER".
Rebooted the server, tried other mounting points that are not in the /home directory.
Nothing works.
Sorry, but the Graylog docker image is broken for me (and no, I'm not using the snap docker package even though I'm running on Ubuntu Server).
Thank you for the tutorial, but sadly I might have too many skill issues to solve this.
Hey Tom, could you make a video about zabbix as a comparison. It has pre-defined templates and triggers for the most popular systems, linux, windows, firewalls, etc. Very powerful tool. I would love to see it on your channel. It comes containerized as well.
Yesss, would love to see a containerized walkthrough of Zabbix
Saw in the latest docs that the virtual appliance is no longer available, nor am I able to find the OVA image.
Not sure if it's possible to install this in docker on a Mac setup.
Hello Tom!
I managed to set this up just like you. I use version 5.1.
Is there a guide, or is there a way you can help to set up the SSL certs so I can use HTTPS?
I have a video on HAProxy, which is how I use it, but any reverse proxy should be fine.
@LAWRENCESYSTEMS Thank you kind sir!
Hi Tom, as always, such a great tutorial. Thanks so much 🫶
Glad you enjoyed it!
@16:35 - why doesn't Graylog have template extractors (plus auto-detection) for standard stuff: Windows/Linux PCs/laptops/servers, Mac, pfSense, etc.?
Well done - thank you!
Great video, love the platform and install guide!
What variable can I use in the email notification template to see the source IP of the device that generated the log entry? I tried using ${field.src_ip} but it just shows blank in the email.
It varies based on the field each log uses to store that. Their forums are a great resource for those details.
Just set it up, super easy! now who knows where I can find a json for unifi extractors?!?
Graylog here for:
Syslog: pfsense, unifi, synology nas.
Netflow: pfsense
Works great 👍
Awesome!, now i know what i am setting up tomorrow :)
Great job 🎉
Is there a way to set this up over HTTPS? I want Graylog itself to have the HTTPS cert.
How do I bind the web GUI port to an external IP so I can access it over the web?
Hi, good evening, very good work... a question please: how do you do your console prompt? Many thanks in advance.
github.com/lawrencesystems/dotfiles
I'm trying to find a way to have it alert me when DHCP leases are given out for new MAC addresses on the network. I have this working via syslog-ng and a bash script, but if I can do it through the GUI in Graylog that would be great.
Not sure why I keep getting "the pwd variable is not set. Defaulting to a blank string." Was able to get it running, but don't see the web UI as well.
This is very good!👏
If we are using elastic search then what's the advantage with this tool? Why should we use it?
I find graylog easier to manage and setup compared to Elastic
@LAWRENCESYSTEMS thanks
It's odd: I set this up and found that the Windows 11 default firewall blocks port 9000, so I thought it wasn't working. Then I decided to try my phone and it was working, except that for some reason the password I set was not working.
Hey Tom, thanks for your amazing videos! Small request: would it be possible to raise the volume on your videos? I find that even with my speakers cranked to the max I still have a hard time hearing you. (If it's too loud for someone they can always reduce the volume, whereas raising it isn't always possible.)
My volume is at where it should be for YouTube
Great video! What terminal are you using? Looks awesome
It's on my GitHub
@LAWRENCESYSTEMS What is it under? Because I'm not seeing it.
Does Graylog provide functionality in addition to Wazuh? Or are they the same?
Wazuh is more focused on security.
Can anyone tell me which one is best for log management between Graylog, Wazuh and ELK? Mainly for Windows servers and MikroTik routers.
Great video.
@Lawrencesystems: did you get a new t-shirt? :)
yup!
very helpful thank you
Thanks for the video for deploying Graylog. It seems your demo server has 8 cores and 4GB memory. I know it is for demo purposes, but how can I calculate the necessary hardware resources for a certain system?
It depends on how much data you are sending
Thanks for the video =)
maybe you can compare Graylog to other open source systems?
Like which one?
@LAWRENCESYSTEMS Maybe Prometheus + Grafana, Zabbix or ELK Stack
Zabbix is not a log server, Prometheus is not really a log server, and I don't think ELK Stack is open source anymore. Maybe I should do a video on monitoring vs logging.
@LAWRENCESYSTEMS Grafana Loki.
@AlexKidd4Fun It's much more complex to configure and I don't use it, so not likely I would do a video on it.
Great video, but why are you not dealing with IPv6? The world is 33% IPv6-based and growing. So does anyone have an IPv6 extractor that works?
I don't use IPv6
@LAWRENCESYSTEMS Why not? I think your already great videos would be even more useful.
@kristiankrautwald8074 I just don't have a use case for it at this time
@LAWRENCESYSTEMS I think your focus is wrong on this, because IPv6 has many advantages and we will have to move to it anyway, so better to be up to date sooner than later.
@jb5631 You forget the part where YT channels are a business.
Why would I want to configure smtp logging for graylog?
I may have done something wrong because messages are only hitting the very last stream/indices I created. In other words, PFsense was the first one created, and messages were hitting it. The last one I created was for a Cisco switch, and now no PfSense messages, but lots of messages to the Cisco switch. Any thoughts on this? Thanks!
You have a setting incorrect in the stream rule
What about Grafana & Prometheus? What are the differences?
Grafana & Prometheus are for metrics collection and not logs.
@LAWRENCESYSTEMS Thanks for clearing that up. Love your channel btw, keep up the good work!
Is it overkill for home server logging and alerting? Cheers
great video
Wish you would do an install version of this on Scale. It seems impossible to get it to work. Everyone and their mom is using YAML, and Scale doesn't.
I don't have an interest in trying to make it work with their system. If you really want it working in Scale I would run it as a VM.
How weird. I was just trying to get Graylog running in Docker on my Synology this morning.
Would like to see how the logs can be redirected to another mnt drive. The quick explanation did not work.
Is there any way to get UniFi Firewall logs into Graylog?
Clean install of Ubuntu 22.04.
Graylog container won't start. Stays in the 'starting' status. I then instead installed Graylog natively with OpenSearch and Mongo. Runs without issue. Something wrong with the compose file maybe?
Same issue. I see a lot of logs running, but it doesn't come up.
As I said in the video, make sure you are not using the SNAP version of Docker.
@LAWRENCESYSTEMS I'm not. Docker is installed via apt.
@LAWRENCESYSTEMS I did not. Just forgot the -d behind docker-compose up.
Same here. I thought it was just me, but no, docker installed via apt, clean ubuntu 22.04 vm installed on my proxmox server.
Tom, is it recommended to use docker compose for production?
Yes
@LAWRENCESYSTEMS awesome! I've seen companies say "use this for testing and not production", so it's good to hear that's not the case here! Like you mentioned on HLS, using docker compose is an easy way to not worry about the Linux distro for your apps! Lol
Is there any specific reason you are using OpenSearch instead of Elasticsearch?
It's what they default to probably because of potential license issues
Hi. Can you help me, sir? How can I add routers and switches in Graylog for me to monitor my network?
Graylog collects SYSLOG. Have your switches send their SYSLOG data there.
@LAWRENCESYSTEMS I didn't put a specific IP on the syslog yet. May I know what the command is to show the syslog where I can input the switch IP, or if there's a guide on how to add switches and routers in Graylog? I really need your help sir. Thanks
@benchymarquez2963 Every router has its own way, but the goal is to have them send it to Graylog.
But how do I make a cluster system for redundancy purposes?
Follow the guide on their site go2docs.graylog.org/5-0/setting_up_graylog/multi-node_setup.html
What the f, I gave my Graylog VM the same static last octet as you did by coincidence; the only difference is mine uses 49 as octet 3.
Did you get a new shirt though?
Yes, they did send me one!
Any reason why Graylog instead of Elastic?
Fully open source, easier to use, and more flexible.
Great video - I used your compose file and I get this "mongodb exited with code 132" every time I try to run docker-compose up. I can't find any errors. It runs on Proxmox in an Ubuntu 22.04 LTS VM. Any ideas?
Nope, I just built a new VM with the latest Ubuntu and could not get the same error.
@LAWRENCESYSTEMS Weird - but thanks for trying - thanks for your answer 🙂
You may need to pass the AVX CPU extension to the VM (if your host CPU supports it). MongoDB 5+ requires it.
@xbb Thanks more than a million - that was the solution - it booted up right away after that - YOU ARE A CHAMP
@xbb How do you do that? I'm running into this issue as well
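The thread above (and the earlier Proxmox tips about "Host" CPU mode and x86-64-v3) all describe the same failure: the MongoDB image needs AVX, and a virtual CPU type that hides it makes the process die on an illegal instruction. Docker reports a signal death as 128 plus the signal number, so "exited with code 132" is 128 + 4, and signal 4 on Linux is SIGILL. The script below is an added example of mine, not from the video or from MongoDB or Graylog: it decodes the exit status and checks a `/proc/cpuinfo` flags line for `avx` before you pull the image. The two cpuinfo dumps embedded in it are constructed samples, not copied from real hardware; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the video, Docker, MongoDB or Graylog): explain
# "mongodb exited with code 132" and test whether the guest CPU exposes AVX.
set -eu

# Docker reports a container whose main process was killed by a signal as
# 128 + signal number. 132 - 128 = 4 = SIGILL: the process hit an instruction
# (here an AVX one) that the virtual CPU does not implement.
exit_code_to_signal() {
  code=$1
  if [ "$code" -le 128 ]; then
    echo none
    return 0
  fi
  case $((code - 128)) in
    4)  echo SIGILL ;;
    6)  echo SIGABRT ;;
    9)  echo SIGKILL ;;    # 137: typically the OOM killer
    11) echo SIGSEGV ;;
    15) echo SIGTERM ;;
    *)  echo "SIG$((code - 128))" ;;
  esac
}

# Succeed (exit 0) when FLAG appears as a whole word on the first "flags" line
# of a cpuinfo dump read from stdin. -x makes "avx" not match "avx2" or "avx512f".
cpuinfo_has_flag() {
  flag=$1
  grep -m1 '^flags' | tr ' ' '\n' | grep -qx "$flag"
}

# Constructed sample resembling a Proxmox guest with the default "kvm64" CPU
# type: a lowest-common-denominator feature set without any AVX.
SAMPLE_KVM64='processor : 0
model name : Common KVM processor
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc'

# Constructed sample resembling the same guest after switching the CPU type to
# "host" (or x86-64-v3), which passes the hardware's AVX/AVX2 through.
SAMPLE_HOST='processor : 0
model name : Intel(R) Xeon(R) CPU
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ssse3 sse4_1 sse4_2 avx avx2 bmi1 bmi2 fma'

# Run this on the Docker host (or inside the VM) before `docker compose up`.
check_this_host() {
  if cpuinfo_has_flag avx </proc/cpuinfo; then
    echo "AVX present: the MongoDB 5+ image can run here"
    return 0
  fi
  echo "No AVX: in Proxmox set the VM CPU type to 'host' (or x86-64-v3) and restart it" >&2
  return 1
}

# Example diagnosis of the message quoted in the thread:
#   exit_code_to_signal 132   -> SIGILL
#   check_this_host
```

Usage: save it, run `sh avx-check.sh` after appending a call to `check_this_host`, or source it and call `exit_code_to_signal 132` against whatever status `docker compose ps -a` shows. Note that "Host" mode ties the VM to that host's CPU model, so on a mixed Proxmox cluster the x86-64-v3 type is the safer choice for live migration.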
How about a video with a sidecar and windows logs?
Eventually
@LAWRENCESYSTEMS Looking forward to it. Been struggling to implement that for my org, and can't find a useful tutorial for implementing sidecar with Graylog containerized.
What happened at 16:14?
That's how you get the message to create an extractor from
Does Lawrence System have a vpn tutorial for mobile clients (including android 12 / 13)?
This turns painful really quick if your processor doesn't support AVX.
Processors have supported AVX since 2011
@LAWRENCESYSTEMS Hey, not everybody has the shiniest newest stuff. *cries with X5650*
what about loki?
More complex to configure but is still a popular solution
Can I attach any dashboard to greylog?
I don't understand the question.