Comments:
great video
But 1514 is unencrypted, right? I mean syslog data are being sent "naked"? It means that the network connection should be trustful. Like a separate VLAN or something?
Does Graylog provide functionality in addition to Wazuh? Or are they the same?
Thanks for the wonderful and easy to follow tutorial. - Do you use Graylog at Lawrence Systems to collect logs for all of your clients (Fleet)?
Great video, love the platform and install guide!
What variable can I use in the email notification template to see the source IP of the device that generated the log entry? I tried using ${field.src_ip} but it just shows blank in the email.
Saw in the latest docs that the virtual appliance is no longer available, nor am I able to find the OVA image.
Not sure if it's possible to install this in Docker on a Mac setup.
Great job 🎉
Amazing information. Thanks!
How can I set up a Graylog cluster with high availability and scalability?
This is really nice. Thanks for sharing.
For modern setups, worth mentioning:
1) there is SSL support, but in Docker it needs some additional environment vars and a Java keystore
2) new Mongo releases need CPUs with AVX. This can be a stopping factor
3) for time zones, as I remember, you need to add _ROOT_:
GRAYLOG_ROOT_TIMEZONE
Having multiple issues with docker compose erroring on the depends_on section of the YAML; the first error is that it needs to be an array, and then that values need to be a string. Any ideas?
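On the AVX point raised above: MongoDB 5.0 and later x86_64 builds refuse to start on a CPU without AVX, and inside a VM the flag is only visible if the hypervisor passes it through (on Proxmox, the "host" CPU type). The following is an added example, not code from the video or from the Graylog or MongoDB projects; it parses the text of /proc/cpuinfo so the check can be run before `docker compose up` and can be exercised on a constructed sample.

```shell
#!/usr/bin/env bash
# Added example (not from the video or the Graylog project): check whether this
# host's CPU advertises AVX before pulling a MongoDB 5.0+ image, since those
# builds abort at startup on CPUs without it. The parser takes cpuinfo text on
# stdin so it can be tested against a constructed sample as well as the real file.

# Return 0 if the cpuinfo text on stdin lists the word "avx" in a flags line.
cpuinfo_has_avx() {
    # A flags line looks like: "flags : fpu vme de pse ... avx ... avx2 ..."
    # -w matches the whole word "avx" only, not "avx2" or "avx512f".
    grep -E '^flags[[:space:]]*:' | grep -Eqw 'avx'
}

# Print a one-line verdict for the running host; return 1 if AVX is missing.
check_host_avx() {
    if cpuinfo_has_avx < /proc/cpuinfo; then
        echo "AVX present: MongoDB 5.0+ images should start"
        return 0
    fi
    echo "AVX missing: run a pre-5.0 MongoDB your Graylog version supports, or on Proxmox set the VM CPU type to 'host'" >&2
    return 1
}

# Run the host check when executed directly (not when sourced).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    check_host_avx
fi
```

Run it on the Docker host (or inside the VM) before starting the stack; a missing flag inside a VM whose physical CPU has AVX points at the CPU model configured for the VM rather than the hardware.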
very helpful, thank you
hi, good evening, very good work... please, a question? ... how do you do your prompt console??? many thanks in advance
BUT
How do I make a cluster system for redundancy purposes?
Is there any specific reason you are using OpenSearch instead of Elasticsearch?
This is very good!👏
@Lawrencesystems: did you get a new t-shirt? :)
I've got more than 25 Docker containers running on a few different VMs; I'm no expert in Docker but not really a newbie either
But starting Graylog? I just can't do it
The way they implemented the $USER is beyond my understanding
Keep getting stuck at this error when Graylog is starting:
ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!
(And yes, it exists, and it is mapped correctly)
I've tried to set user variables, tried to change the mounted directory ownership directly to 1100:1100
I've tried other versions of docker-compose
Tried also changing the owner to docker:docker
Executed multiple times that "sudo usermod -aG docker $USER"
Rebooted the server, tried other mount points that are not in the /home directory
Nothing works
Sorry, but the Graylog Docker image is broken for me (and no, I'm not using the snap Docker package even though I'm running Ubuntu Server)
Thank you for the tutorial, but sadly I might have too many skill issues to solve this
Great guide, thanks for the info. Tip for those who use Proxmox as VM host: put your CPU in Host mode, as otherwise MongoDB will not work.
Wish you would do an install version of this on SCALE. It seems impossible to get it to work. Everyone and their mom is using YAML and SCALE doesn't.
It's odd: I set this up and found that the Windows 11 default firewall blocks port 9000, so I thought it wasn't working, and then decided to try my phone and it was working, except that for some reason the password I set was not working.
One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (OpenSearch). If you try to use docker-compose to store the data on an NFS volume, the container fails to launch, as it seems the image is trying to run chown on the data storage directory, which I guess NFS doesn't allow.
Do a pipeline vidjayo
Thanks for the video on deploying Graylog. It seems your demo server has 8 cores and 4GB memory. I know it is for demo purposes. But how can I calculate the necessary hardware resources for a certain system?
I may have done something wrong, because messages are only hitting the very last stream/index I created. In other words, pfSense was the first one created, and messages were hitting it. The last one I created was for a Cisco switch, and now no pfSense messages, but lots of messages to the Cisco switch. Any thoughts on this? Thanks!
This was such a fucking mess for me. Once I got permissions all figured out, I found out that Mongo 5.0+ required hardware that apparently my box didn't have, and then I tried to figure out compatibility between all three, and I just gave up; it's not worth it for something so needless for me...
Thanks for the video =)
How about a video with a sidecar and Windows logs?
Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256 sum for the password - this stops the password being visible in that user's history. Minor thing, but I've heard of history files being a juicy target like this.
Not sure why I keep getting "the pwd variable is not set, defaulting to a blank string". Was able to get it running, but don't see the web UI as well.
Really great video, thank you. Very clear, detailed and last but not least: useful
Thanks. Using Graylog, but your video showed some great ways to modify it.
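On the shell-history point above: the leading-space trick only works when HISTCONTROL contains ignorespace (Ubuntu's stock .bashrc sets ignoreboth, other distributions may not), and it does nothing about the password being visible in `ps` while the command runs. The following is an added example, not code from the video or from the Graylog project; it produces the SHA-256 hex digest that Graylog's Docker image reads from GRAYLOG_ROOT_PASSWORD_SHA2 while taking the password from stdin, so it never appears on a command line at all.

```shell
#!/usr/bin/env bash
# Added example (not from the video or the Graylog project): compute the
# SHA-256 hex digest Graylog expects in GRAYLOG_ROOT_PASSWORD_SHA2 without the
# clear-text password ever being part of a command line, where it would land in
# ~/.bash_history and be visible in `ps` for the moment the command runs.

# Hash exactly the bytes arriving on stdin and print only the 64-character hex
# digest. Feeding the secret through stdin keeps it out of argv and history.
sha256_of_stdin() {
    sha256sum | awk '{ print $1 }'
}

# Interactive helper: prompt without echo, then hash. `printf '%s'` adds no
# trailing newline, so the digest matches what `echo -n` would have produced.
prompt_and_hash() {
    local pw
    read -rs -p 'Graylog root password: ' pw
    echo >&2
    printf '%s' "$pw" | sha256_of_stdin
}

# When run directly, prompt and print the digest; redirect it into your .env
# file, e.g.  ./hashpw.sh > .env.sha2  (filename is an assumption).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    prompt_and_hash
fi
```

A password file readable only by you (`chmod 600`) piped into `sha256_of_stdin` works the same way for unattended setups; either route leaves nothing for a later reader of the history file to harvest.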
And love the glasses look!
So an index is just a way to do high-level categorizing/grouping of data sets/sources?
Thank you for making this video. I know we all copy and paste at times for expediency. However, to recommend that users do this, in a video, may enforce dangerous behaviors. Should people just have common sense and read the commands before they paste them? Yes, of course. But, hey, that's what we have disclaimers for. "If you feel confident in my instructions, and you are running this in a development environment, you can go ahead and copy and paste these commands into your terminal." Obviously, if your hat is really, really dark, making people dumber is obviously a worthwhile goal.
Tom, is it recommended to use Docker Compose for production?
I did this as an assignment a few months before I graduated. I did not set it up on my own server at the time. Thanks for making this video!
What about Grafana & Prometheus? What are the differences?
What about Loki?
Just what I needed! Thanks Tom for all your hard work.
Seq is better…
If we are using Elasticsearch, then what's the advantage of this tool? Why should we use it?
Is there any way to get UniFi firewall logs into Graylog?
Can I attach any dashboard to Graylog?
Hey Tom, could you make a video about Zabbix as a comparison? It has pre-defined templates and triggers for the most popular systems: Linux, Windows, firewalls, etc. Very powerful tool. I would love to see it on your channel. It comes containerized as well.
This turns painful really quick if your processor doesn't support AVX.
Well done - thank you!