This shows you the differences between two versions of the page.
computing:linux:graylog [2021/08/23 10:45] gcooper
computing:linux:graylog [2022/01/18 11:05] (current) gcooper
====== Syslog with Graylog ======
**Excellent Documentation**:
**Install Graylog OSS on Ubuntu**: https://
**Getting Started**:
**Getting Started Docs**: https://
**Archived data is stored in a compressed format on the Graylog server** or on a network file share. On disk it can still be searched with grep, but it must be restored into Graylog before it is searchable through the web interface again.
+ | |||
+ | ===== Upgrade ===== | ||
+ | |||
+ | We use '' | ||
+ | |||
+ | Show all '' | ||
+ | |||
+ | < | ||
+ | grep -r --include ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | apt update && apt dist-upgrade -y && apt autoremove -y && apt clean && reboot | ||
+ | </ | ||
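The one-liner above reboots unconditionally, and it is easy to lose track of which apt sources (including the Graylog repository) the upgrade will pull from. The script below is an added example for this section, not part of the wiki page: it lists the active ''deb'' entries under an apt sources directory first, runs the same upgrade steps, and reboots only when Ubuntu has written the ''/var/run/reboot-required'' flag. The sources directory ''/etc/apt/sources.list.d'' and the ''RUN_UPGRADE''/''DRY_RUN'' switches are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page). Pre-flight list of apt sources,
# then the page's upgrade steps, rebooting only if Ubuntu asks for it.
# Assumptions: sources live in /etc/apt/sources.list.d and
# /var/run/reboot-required is the reboot flag (both standard on Ubuntu).
set -eu

# Print every active "deb ..." or "deb-src ..." line from *.list files under
# DIR, prefixed with the file name, skipping commented-out entries.
list_deb_sources() {
  dir="${1:-/etc/apt/sources.list.d}"
  grep -r --include '*.list' -H -E '^[[:space:]]*deb(-src)?[[:space:]]' "$dir" 2>/dev/null || true
}

# Exit 0 when a reboot is required (flag file present), 1 otherwise.
reboot_required() {
  flag="${1:-/var/run/reboot-required}"
  [ -f "$flag" ]
}

# The upgrade itself. With DRY_RUN=1 the commands are only printed.
upgrade_host() {
  dry="${DRY_RUN:-0}"
  run() { if [ "$dry" = 1 ]; then echo "+ $*"; else "$@"; fi; }
  run apt update
  run apt dist-upgrade -y
  run apt autoremove -y
  run apt clean
  if reboot_required; then
    run reboot
  else
    echo "No reboot required"
  fi
}

# Only act when explicitly asked, so sourcing this file is harmless:
#   RUN_UPGRADE=1 sh upgrade.sh        (or DRY_RUN=1 RUN_UPGRADE=1 ...)
if [ "${RUN_UPGRADE:-0}" = 1 ]; then
  echo "Active apt sources:"
  list_deb_sources
  upgrade_host
fi
```

Review the source list before confirming; a stray third-party ''.list'' file is exactly what you do not want to discover after ''dist-upgrade'' has run.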
===== Configuration =====
==== Syslog Input ====
The first step to accept input is to create an ''
It is recommended to configure the syslog ''
<
See also **[[networking:
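Creating the input through the web interface is fine for one server, but the same input can be created from the command line against Graylog's REST API, which is handy when rebuilding a server or scripting several of them. The script below is an added example, not from the wiki page or from the Graylog project. It assumes a Graylog 4.x API reachable at ''GRAYLOG_URL'' (default ''http://127.0.0.1:9000''), credentials in ''GRAYLOG_AUTH'' as ''user:password'' or ''token:token'', and port 1514, chosen because Graylog does not run as root and so cannot bind the privileged syslog port 514 (the page's recommended port is truncated above; 1514 is this example's assumption).

```shell
#!/bin/sh
# Added example, not from the wiki page or the Graylog project: create a
# global Syslog input via POST /api/system/inputs.
# Assumptions: Graylog 4.x REST API, GRAYLOG_URL and GRAYLOG_AUTH set by
# the operator, unprivileged port (Graylog is not root, 514 is unavailable).
set -eu

# Build the JSON body for a Syslog input. Only tcp/udp are accepted and the
# port must be an unprivileged one (1024-65535). The title is inserted
# verbatim, so keep it free of double quotes (no JSON escaping here).
syslog_input_json() {
  title="$1"; proto="$2"; port="$3"
  case "$proto" in
    tcp) type="org.graylog2.inputs.syslog.tcp.SyslogTCPInput" ;;
    udp) type="org.graylog2.inputs.syslog.udp.SyslogUDPInput" ;;
    *) echo "unsupported protocol: $proto (use tcp or udp)" >&2; return 2 ;;
  esac
  case "$port" in
    ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
    echo "use an unprivileged port (1024-65535): $port" >&2; return 2
  fi
  # allow_override_date: trust the sender's timestamp; store_full_message
  # keeps the raw line too (useful for forensics, costs storage) - off here.
  printf '{"title":"%s","type":"%s","global":true,"configuration":{"bind_address":"0.0.0.0","port":%s,"recv_buffer_size":262144,"allow_override_date":true,"store_full_message":false,"expand_structured_data":false,"force_rdns":false}}\n' \
    "$title" "$type" "$port"
}

# POST the input. X-Requested-By is mandatory on Graylog's API (CSRF guard);
# -f makes curl fail on 4xx/5xx so a bad token does not look like success.
create_syslog_input() {
  body=$(syslog_input_json "$@") || return $?
  curl -sS -f -u "${GRAYLOG_AUTH:?set to user:password or token:token}" \
    -H 'Content-Type: application/json' -H 'X-Requested-By: cli' \
    -X POST "${GRAYLOG_URL:-http://127.0.0.1:9000}/api/system/inputs" \
    -d "$body"
}

# Usage: CREATE_INPUT=1 GRAYLOG_AUTH=admin:secret sh create-input.sh
if [ "${CREATE_INPUT:-0}" = 1 ]; then
  create_syslog_input "Syslog TCP 1514" tcp 1514
fi
```

After the call returns the new input id, confirm the port is actually listening (''ss -ltnp | grep 1514'') and remember to open it on the host firewall for the log sources only, not the world.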
==== Create Index ====

Indexes are where message data is stored. They are grouped into index sets, and the index set's rotation and retention settings decide when an index is rotated out and when old indexes are deleted or archived.

==== Create Stream ====

Stream rules match on message fields and route messages into streams; each stream is assigned to an index set, which is how a message ends up in a particular index.

===== Log Sources =====

==== Send Linux Syslog ====
https://
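The usual rsyslog way to ship a Linux host's syslog to the input above is an ''omfwd'' action in a drop-in file. The script below is an added example, not from the wiki page: it prints a forwarding stanza for a given host, port and protocol, using TCP with a disk-assisted queue so messages survive a Graylog restart, and shows the UDP variant beside it with its weakness spelled out. It assumes rsyslog 8.x, a Graylog Syslog TCP input on 1514, and the drop-in file name ''/etc/rsyslog.d/50-graylog.conf'' (hypothetical).

```shell
#!/bin/sh
# Added example, not from the wiki page: generate an rsyslog forwarding
# stanza for Graylog. Assumptions: rsyslog 8.x (RainerScript syntax, omfwd),
# Graylog Syslog input on HOST:PORT, drop-in path /etc/rsyslog.d/50-graylog.conf.
set -eu

# Print a forwarding stanza for HOST PORT [tcp|udp] (default tcp).
rsyslog_forward_conf() {
  host="$1"; port="$2"; proto="${3:-tcp}"
  case "$proto" in
    tcp|udp) ;;
    *) echo "proto must be tcp or udp: $proto" >&2; return 2 ;;
  esac
  cat <<EOF
# Forward all facilities/severities to Graylog over $proto.
# RSYSLOG_SyslogProtocol23Format is rsyslog's built-in RFC 5424 template:
# timestamp with timezone, hostname, app-name, procid and structured data,
# all of which Graylog's Syslog input parses into fields.
EOF
  if [ "$proto" = tcp ]; then
    cat <<EOF
*.* action(type="omfwd" target="$host" port="$port" protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format"
           queue.type="LinkedList" queue.filename="graylog_fwd"
           queue.saveOnShutdown="on" queue.maxDiskSpace="1g"
           action.resumeRetryCount="-1" action.resumeInterval="10")
EOF
  else
    cat <<EOF
# UDP: no delivery guarantee and no retry; messages are silently dropped
# while Graylog or the network is down. Use only where TCP is impossible.
*.* action(type="omfwd" target="$host" port="$port" protocol="udp"
           template="RSYSLOG_SyslogProtocol23Format")
EOF
  fi
}

# Write the drop-in, syntax-check the whole rsyslog config, then restart.
# Usage: INSTALL_CONF=1 sh graylog-forward.sh graylog.example.invalid 1514 tcp
install_forward_conf() {
  rsyslog_forward_conf "$@" > /etc/rsyslog.d/50-graylog.conf
  rsyslogd -N1 && systemctl restart rsyslog
}

if [ "${INSTALL_CONF:-0}" = 1 ]; then
  install_forward_conf "$@"
fi
```

''rsyslogd -N1'' catches typos before the restart; once rsyslog is up, ''logger -t test "hello graylog"'' on the client should appear in the Graylog search within seconds, with ''application_name'' set to ''test''.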