Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » computing » linux » syslog
Trace:
computing:linux:syslog

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
computing:linux:syslog [2021/07/28 11:35]
gcooper 		computing:linux:syslog [2021/07/28 14:05] (current)
gcooper old revision restored (2015/03/16 14:25)
Line 1: Line 1:
-====== Syslog with Graylog ======+====== Linux Syslog ======
  
-FIXME Unfinished +FIXME Unfinished - Need modify for newer CentOS (rsyslog), test and verify
- +
-**Excellent Documentation**: https://docs.graylog.org/en/4.1/index.html +
- +
-**Installation**: https://docs.graylog.org/en/4.1/pages/installation/os/ubuntu.html#ubuntuguide +
- +
-**Install Graylog OSS on Ubuntu**: https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog-on-ubuntu-20-04.html +
- +
-**Getting Started**: http://123.123.123.123:9000/gettingstarted +
- +
-**Getting Started Docs**: https://docs.graylog.org/en/4.1/pages/getting_started.html +
- +
-{{ :computing:linux:graylog_simple.png?direct&350|Simple Graylog Server}} +
- +
-Graylog is a web interface to your syslog server, and much more.  It is available in a free open source edition as well as commercial editions with  more features. +
- +
-**To scale well**, Graylog depends on: +
- +
-  * **Fast CPUs** (Graylog) +
-  * **Lots of RAM** (Elasticsearch) +
-  * **Fast storage** (Elasticsearch) +
- +
-**Activesearchable data is in memory** and easily lost. +
- +
-**Archived data is stored in a compressed format on the Graylog server** or network file share. It is searchable via GREP, but must be reconstituted in Graylog in order to be searchable through the GUI again. +
- +
-===== Configuration ===== +
- +
-The Graylog configuration file is ''/etc/graylog/server/server.conf''+
- +
-The Elasticsearch config file is: ''/etc/elasticsearch/elasticsearch.yml''+
- +
-==== Syslog Input ==== +
- +
-The first step to accept input is to create an ''Input'', probably syslog UDP and TCP. +
- +
-To accept input data on ports below 1024, we must either run Graylog as ''root'' or use redirection to a higher port. +
- +
-It is recommended to configure the syslog ''Input'' to accept traffic on UDP port 1514 and redirect traffic sent to UDP 514 to it. +
- +
-On Ubuntu 20.04: +
- +
-<file> +
-apt -y purge ufw && apt -y install iptables-persistent +
-iptables -F && iptables -Z +
-modprobe iptable_nat && echo 'iptable_nat' >> /etc/modules +
-iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to 1514 +
-iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to 1514 +
-</file> +
- +
- +
-====== Older Syslog Info ======+
  
 Assumptions: Assumptions:
computing/linux/syslog.1627493734.txt.gz · Last modified: 2021/07/28 11:35 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki