Getting started with Graylog

Hello Guys,

I am a newbie to Graylog and want to get started asap. I installed the Graylog OVA on a VM. I can access Graylog via my browser.
Now I want to send log data to the server.

I have some applications that write LogFiles and I want to see this Data in my browser.

I have two applications that write log files on a Linux server and about 3 that write log files on a Windows 2012 Server.

What is the best way to start? What do I have to configure so that I can see all the log messages?

If you need any more information, just ask.

Best regards.

Andi

You have to ship these log messages to Graylog, for example by using a log shipper such as Filebeat, Winlogbeat, or NXLOG.

If you don’t want to configure these log shippers manually, you can use the Graylog Collector Sidecar:
http://docs.graylog.org/en/2.3/pages/collector_sidecar.html

Also make sure to read http://docs.graylog.org/en/2.3/pages/sending_data.html

Hello Jochen,

thx for your help. I will try the Graylog Collector Sidecar.
At the moment I have another problem.

When I am trying to access the web interface, this error occurs.

Graylog is restarting...

There is no Graylog web application running at the moment, please reload this page in a minute. It can take up to 1-2 minutes until all services are running properly. In case this is a permanent error, check the following:

Check if all services are running - sudo graylog-ctl status shows an overview of all running services
Check for errors in log files - Relevant services write log files here: /var/log/graylog/*/current
Ask for help - If there is no way to fix the issue ask for help: https://github.com/Graylog2/graylog2-images/issues

I checked all services and the first output I receive is:

**sudo: unable to resolve host graylog**
run: elasticsearch: (pid 26821) 3s; run: log: (pid 792) 506931s
run: etcd: (pid 14909) 13828s; run: log: (pid 800) 506931s
run: graylog-server: (pid 819) 506931s, got TERM; run: log: (pid 793) 506931s
run: mongodb: (pid 14919) 13827s; run: log: (pid 801) 506931s
run: nginx: (pid 14923) 13827s; run: log: (pid 799) 506931s

Is there a way to reset the OVA to “default settings”?

You can use the following command for cleaning all custom configuration and data from the OVA:

# sudo graylog-ctl cleanse

See http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html#configuration-commands for details.

Also make sure to check the logs of the Graylog node for possible error and warning messages before cleaning:
http://docs.graylog.org/en/2.3/pages/configuration/file_location.html#omnibus-package


Hello Jochen,

thanks for your tips.

Can you help me with the nxlog config? I am trying to send log messages from
/PATH/name.log to my Graylog server. I am talking about an application log, so there is no standard structure.

I have already taken care of the firewall rules, so that should work without any problems.

At the moment my nxlog.conf looks like this:

```
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    #Module      xm_syslog
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Output out>
    Module      om_udp
    Host        172.20.42.15
    Port        514
    #Exec        to_syslog_snare();
    OutputType  GELF
</Output>

<Route 1>
    Path        in => out
</Route>
```

The Path to my log looks like this: 
C:\test\log\test\test.log

Thanks :slight_smile:

Please read the NXLOG documentation on how to take your input from a file. In addition, you could just search the forum for how others solved that.
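For reference, here is what an nxlog.conf that reads the plain-text application log from the thread and ships it to Graylog as GELF would look like. This is an added example, not the poster's configuration, NXLOG's shipped sample, or anything from the Graylog project. It assumes NXLOG CE installed under C:\Program Files (x86)\nxlog, the log file at C:\test\log\test\test.log and the Graylog address 172.20.42.15 (all taken from the thread), and that a "GELF UDP" input has been created in Graylog under System > Inputs on port 12201 (the default port for GELF inputs; 514 is the syslog port, so a GELF input would normally not be listening there). The input name applog, the output name graylog, the route name and the custom field $application are arbitrary names chosen for this example.

```apacheconf
## Added example (not from the thread or the NXLOG sample file): ship one
## unstructured application log file from Windows to Graylog as GELF/UDP.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

## xm_gelf provides the GELF output type used below. It is a separate
## extension from xm_syslog; only GELF is needed for a Graylog GELF input.
<Extension gelf>
    Module      xm_gelf
</Extension>

## im_file tails the file line by line. Each line becomes $raw_event, which
## xm_gelf puts into the GELF short_message field, so lines with no fixed
## structure are fine. Backslashes inside the quoted path must be doubled.
<Input applog>
    Module      im_file
    File        "C:\\test\\log\\test\\test.log"
    ## Remember the read offset across NXLOG restarts so lines are not
    ## shipped twice or skipped.
    SavePos     TRUE
    ## On the very first start, begin at the end of the file instead of
    ## replaying its whole history into Graylog.
    ReadFromLast TRUE
    ## Custom fields become "_application" in GELF; handy for filtering
    ## and for stream rules on the Graylog side (value is a placeholder).
    Exec        $application = "test-app";
</Input>

<Output graylog>
    Module      om_udp
    Host        172.20.42.15
    Port        12201
    OutputType  GELF
</Output>

<Route applog_to_graylog>
    Path        applog => graylog
</Route>
```

Two checks before blaming the shipper: confirm the Graylog input shows "running" and that its port matches the Port directive, and watch %ROOT%\data\nxlog.log after restarting the NXLOG service, because a wrong module name or an unescaped path shows up there as a startup error. GELF over UDP is unauthenticated and unacknowledged, so lost datagrams are silently dropped; for production shipping, NXLOG's om_tcp with OutputType GELF_TCP against a "GELF TCP" input gives delivery feedback and can be wrapped in TLS.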
