Graylog: Your Comprehensive Guide to Getting Started Open Source Log Management

Lawrence Systems

1 year ago

159,516 views

Comments:

zhimiao li - 22.11.2023 12:25

great video

doman tlen - 22.11.2023 01:07

But 1514 is unencrypted, right? I mean syslog data are being sent "naked"? It means that the network connection should be trustful. Like a separate VLAN or something?

Abhishek Jain - 01.11.2023 11:05

Does Graylog provide functionality in addition to Wazuh? Or are they the same?

Riko Vejgaard - 31.10.2023 17:59

Thanks for the wonderful and easy-to-follow tutorial. Do you use Graylog at Lawrence Systems to collect logs for all of your clients (Fleet)?

Quarry Rats - 28.10.2023 10:28

Great video, love the platform and install guide!

What variable can I use in the email notification template to see the source IP of the device that generated the log entry? I tried using ${field.src_ip} but it just shows blank in the email.

Sonali Gupta - 27.10.2023 20:01

Saw in the latest docs that the virtual appliance is no longer available; not able to find the OVA image either.
Not sure if it's possible to install this in Docker on a Mac setup.

Claude-Alexandre Rochat - 26.10.2023 23:27

Great job 🎉

Neelesh Gurjar - 11.10.2023 16:50

Amazing information. Thanks!
How can I set up a Graylog cluster with high availability and scalability?

Leonardo Nogueira - 06.10.2023 07:34

This is really nice. Thanks for sharing.

severgun - 04.10.2023 10:44

For modern setups, worth mentioning:

1) there is SSL support, but in Docker it needs some additional environment vars and a Java keystore
2) new Mongo releases need CPUs with AVX. This can be a stopping factor
3) for time zones, as I remember you need to add _ROOT_:
GRAYLOG_ROOT_TIMEZONE

Mode44 - 02.10.2023 18:19

Having multiple issues with Docker Compose erroring on the depends_on section of the YAML. The first error is that it needs to be an array, and then that values need to be a string. Any ideas?

perfecto25 - 29.09.2023 21:53

Very helpful, thank you.

Samuele Annulli - 27.08.2023 01:34

Hi, good evening, very good work... please, a question: how do you do your console prompt? Many thanks in advance.

Battleripper - 08.08.2023 15:46

BUT
How do I make a cluster system for redundancy purposes?

Boris S - 28.07.2023 09:47

Is there any specific reason you are using OpenSearch instead of Elasticsearch?

Prashanth G - 25.07.2023 19:47

This is very good!👏

lalala987 - 25.07.2023 14:08

@Lawrencesystems: did you get a new t-shirt? :)

MonheimX9 - 19.07.2023 14:11

I have more than 25 Docker containers running on a few different VMs; I'm no expert in Docker but not really a newbie either.
But starting Graylog? I just can't do it.
The way they implemented the $USER is beyond my understanding.
Keep getting stuck at this error when Graylog is starting:
ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!
(And yes, it exists, and it is mapped correctly.)

I've tried to set user variables, tried to change the mounted directory ownership directly to 1100:1100.
I've tried with other versions of docker-compose.
Tried also changing the owner to docker:docker.

Executed that "sudo usermod -aG docker $USER" multiple times.
Rebooted the server, tried other mount points that are not in the /home directory.
Nothing works.

Sorry, but the Graylog Docker image is broken for me (and no, I'm not using the snap Docker package even though I'm running on Ubuntu Server).

Thank you for the tutorial, but sadly I might have too many skill issues to solve this.

Toon Proost - 17.07.2023 13:52

Great guide, thanks for the info. Tip for those who use Proxmox as VM host: put your CPU in host mode, as otherwise MongoDB will not work.

Nostang3 - 10.07.2023 22:04

Wish you would do an install version of this on SCALE. It seems impossible to get it to work. Everyone and their mom is using YAML and SCALE doesn't.

Gregory Krisa - 07.07.2023 04:27

It's odd. I set this up and found that the Windows 11 default firewall blocks port 9000, so I thought it wasn't working, and then decided to try my phone and it was working, except that for some reason the password I set was not working.

Rob Pungello - 27.06.2023 05:05

One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (OpenSearch). If you try to use docker-compose to store the data on an NFS volume, the container fails to launch, as it seems the image is trying to run chown on the data storage directory, which I guess NFS doesn't allow.

Stephen - 09.06.2023 04:24

Do a pipeline vidjayo

gakky_sensei - 28.05.2023 07:09

Thanks for the video on deploying Graylog. It seems your demo server has 8 cores and 4GB memory. I know it is for demo purposes. But how can I calculate the necessary hardware resources for a certain system?

Baku18000 - 27.05.2023 20:15

I may have done something wrong, because messages are only hitting the very last stream/indices I created. In other words, pfSense was the first one created, and messages were hitting it. The last one I created was for a Cisco switch, and now no pfSense messages, but lots of messages to the Cisco switch. Any thoughts on this? Thanks!

Hirschy Kirkwood - 27.05.2023 02:22

This was such a fucking mess for me. Once I got permissions all figured out, I found out that Mongo 5.0+ required hardware that apparently my box didn't have, and then I tried to figure out compatibility between all three, and I just gave up; it's not worth it for something so needless for me...

OthmanEmpire - 26.05.2023 18:16

Thanks for the video =)

Ford Crews - 26.05.2023 00:29

How about a video with a sidecar and windows logs?

Davo CC - 24.05.2023 13:39

Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256sum for the password - this stops the password being visible in that user's history. Minor thing but I've heard of history files being a juicy target like this.

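As an added example (not from the video, and not Graylog's own tooling), a small POSIX sh helper that produces the GRAYLOG_ROOT_PASSWORD_SHA2 and GRAYLOG_PASSWORD_SECRET values while reading the password from a prompt instead of the command line. The leading-space trick above only works when HISTCONTROL contains ignorespace; a prompted read never creates a history entry at all. The script assumes GNU coreutils (sha256sum, tr, head), stty and /dev/urandom.

```shell
#!/bin/sh
# Added example (not from the video or Graylog's own docs): produce the two
# secrets Graylog's Docker setup needs without the password ever being a
# command-line argument, so it cannot end up in shell history.
# Assumes POSIX sh with sha256sum (GNU coreutils), stty and /dev/urandom.

# sha256_hex: hash whatever arrives on stdin, print the lowercase hex digest.
sha256_hex() {
  sha256sum | awk '{ print $1 }'
}

# hash_password: hash a string exactly as Graylog expects for
# root_password_sha2 / GRAYLOG_ROOT_PASSWORD_SHA2. printf '%s' is used
# instead of echo because echo appends a newline, and "admin\n" hashes to a
# different digest than "admin", which would make the login fail.
hash_password() {
  printf '%s' "$1" | sha256_hex
}

# read_password_hash: prompt with terminal echo off and hash the result.
# Nothing is typed on the command line, so neither a leading space nor a
# HISTCONTROL setting is needed to keep the password out of ~/.bash_history.
read_password_hash() {
  old_tty=$(stty -g)
  stty -echo
  printf 'Graylog root password: ' >&2
  read -r pw
  stty "$old_tty"
  printf '\n' >&2
  hash_password "$pw"
  unset pw old_tty
}

# make_password_secret: random alphanumeric string for password_secret /
# GRAYLOG_PASSWORD_SECRET, which must be at least 16 characters (96 here by default).
make_password_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-96}"
}

# Interactive use only when stdin is a terminal; when sourced or run by a
# test harness the functions are merely defined.
if [ -t 0 ]; then
  echo "GRAYLOG_ROOT_PASSWORD_SHA2=$(read_password_hash)"
  echo "GRAYLOG_PASSWORD_SECRET=$(make_password_secret)"
fi
```

Paste the two printed lines into the compose file's environment section; the digest for the password "admin" is the well-known 8c6976e5...a918 value, which is also why that default should never survive past first login.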
Travis Curley - 23.05.2023 23:51

Not sure why I keep getting "the PWD variable is not set, defaulting to a blank string". Was able to get it running but don't see the web UI either.

Philip Adam - 23.05.2023 14:20

Really great video, thank you. Very clear, detailed and, last but not least, useful.

eduitguy - 23.05.2023 08:09

Thanks. Using Graylog, but your video showed some great ways to modify it.

And love the glasses look!

turbo2ltr - 22.05.2023 16:36

So an index is just a way to do high level categorizing/grouping of data sets/sources?

Torgny Bjers - 22.05.2023 07:24

Thank you for making this video. I know we all copy and paste at times for expediency. However, to recommend that users do this, in a video, may enforce dangerous behaviors. Should people just have common sense and read the commands before they paste them? Yes, of course. But, hey, that's what we have disclaimers for. "If you feel confident in my instructions, and you are running this in a development environment, you can go ahead and copy and paste these commands into your terminal." Obviously, if your hat is really, really dark, making people dumber is obviously a worthwhile goal.

Will Blanton - 22.05.2023 05:56

Tom, is it recommended to use docker compose for production?

Jason Gardner - 21.05.2023 14:01

I did this as an assignment a few months before I graduated. I did not set it up on my own server at the time. Thanks for making this video!

FrankFix - 20.05.2023 22:53

What about Grafana & Prometheus? What are the differences?

severgun - 20.05.2023 10:13

What about Loki?

Rob Sexton - 19.05.2023 18:11

Just what I needed! Thanks Tom for all your hard work.

chswin - 19.05.2023 16:05

Seq is better…

Dushyant Giri - 18.05.2023 05:36

If we are using Elasticsearch, then what's the advantage of this tool? Why should we use it?

Robert4049 - 17.05.2023 22:18

Is there any way to get UniFi Firewall logs into Graylog?

Vladislav Kalashnikov - 17.05.2023 08:06

Can I attach any dashboard to Graylog?

Vladislav Kalashnikov - 16.05.2023 18:31

Hey Tom, could you make a video about Zabbix as a comparison? It has pre-defined templates and triggers for the most popular systems: Linux, Windows, firewalls, etc. Very powerful tool. I would love to see it on your channel. It comes containerized as well.

Gary Laser Eyes - 16.05.2023 12:19

This turns painful really quick if your processor doesn't support AVX.

Baku18000 - 14.05.2023 05:19

Well done - thank you!