Graylog Enterprise on FreeBSD

Hello!

I’m trying Graylog Enterprise Trial(since yesterday), but I can’t generate “Reports”. I tried execute /bin/headless_shell or /bin/chromedriver from Tarball, but this binaries are from Linux. I tried to run on Linux compatibility, but without success.

Where can I find this sources(headless_shell and chromedriver) to compile to FreeBSD 11.3?

Thank you!

OS: FreeBSD 11.3
Graylog Version: 3.3.0

how did you install Graylog? I’m the FreeBSD port maintainer, and the v3.3.0 update was committed a couple of days ago, but I’ve not personally tried installing enterprise. We can probably add this as a port option.

1 Like

he @chalfling

we include the chrome build that is only tested on linux - as this is the only supported OS we currently have. We are happy to help if possible, but based on the way the reports are generated at the moment you would need to enable your BSD to run those binaries or replace them with the binary that is available for your OS.

@skunkwerks - thank you for this port. If you need any help, let us know.

1 Like

Hi @skunkwerks
I’m using your port since 2018, thank you for that!

On the same day that Graylog 3.3.0 was released I changed your port Makefile and distinfo to install Graylog 3.3.0.

To install Graylog Enterprise the only need is to put two .jar files on plugin folder.
https://downloads.graylog.org/releases/graylog-enterprise/graylog-enterprise-plugins-3.3.0.tgz
https://downloads.graylog.org/releases/graylog-enterprise-integrations/graylog-enterprise-integrations-plugins-3.3.0.tgz

From extract theses .tgz I got graylog-plugin-enterprise-3.3.0.jar and graylog-plugin-enterprise-integrations-3.3.0.jar so I put on /usr/local/share/graylog/plugin/ together with the others .jar

@jan I think to BSD run Linux’s binaries in compatibility mode is a bad work around. I tried but I need to install several Linux’s libs and I don’t think this will work when I finish. Because of that I’m ask for this binaries source then a I could try native suport.

@jan I had a look and it’s easy to install the enterprise plugins by default in the port. From a licensing perspective, this seems to be OK - we are allowed to distribute the software.

Will people who are >5GiB data but choose not to get an enterprise license have any issues? I’m not in a position to test that.

If this is fine, we can update the port and everybody would be ready to go out of the box whether they are enterprise or not.

structure looks like this - only the /bin/ files are missing atm

/usr/local/etc/graylog/graylog.conf.example
/usr/local/etc/graylog/log4j2.xml.example
/usr/local/etc/rc.d/graylog
/usr/local/share/graylog/graylog.jar
/usr/local/share/graylog/plugin/graylog-plugin-aws-3.3.0.jar
/usr/local/share/graylog/plugin/graylog-plugin-collector-3.3.0.jar
/usr/local/share/graylog/plugin/graylog-plugin-enterprise-3.3.0.jar
/usr/local/share/graylog/plugin/graylog-plugin-enterprise-integrations-3.3.0.jar
/usr/local/share/graylog/plugin/graylog-plugin-integrations-3.3.0.jar
/usr/local/share/graylog/plugin/graylog-plugin-threatintel-3.3.0.jar
/usr/local/share/licenses/graylog-3.3.0/GPLv3+
/usr/local/share/licenses/graylog-3.3.0/LICENSE
/usr/local/share/licenses/graylog-3.3.0/catalog.mk

I think this will do the work!

he @skunkwerks

people with traffic above 5GB will get a warning in Graylog that the enterprise features are disabled because they are over the license limits.

For such a user it would be the best solution to remove the Enterprise license and restart Graylog.

Not sure how that works in FreeBSD but maybe you can give the option for include the Enterprise parts or exclude them?

Jan

My suggestion would be for the enterprise plugins to be part of a separate port/package. That way it can be installed optionally.

1 Like

I concur, it should be pretty easy just splitting up the port I made into two bits… hold my :beer:

2 Likes