Graylog information inquiries

Dear all,

We have a few inquiries about Graylog and need you to confirm the following questions.

  1. Now we are using the Graylog virtual appliance. We would like to know where it keeps the logs?

  2. As we find more information, please confirm that the virtual appliance version is not suited for production use because it is unsecured?

  3. If the virtual appliance is not suitable for production use, and we change to install to Linux with Elasticsearch and MongoDB included, is that better for production or not? So can we follow the installation instructions at the link below?

https://docs.graylog.org/en/4.0/pages/installation/os/ubuntu.html

We are really new to Graylog so it would be great to get to know more about Graylog. Anyway if you need more information from us, please kindly let us know.

Thank you for your kind support.

@Suebskul
Hello and Welcome.

That type of installation is good for testing in my opinion. In our production environment we installed Graylog from the RPM package.

If you're new to Graylog I would recommend you look over these first.

https://docs.graylog.org/en/4.0/pages/architecture.html

https://docs.graylog.org/en/4.0/pages/getting_started/planning.html#planning-your-log-collection

It really depends on the environment Graylog is going to be in.

Hope that helps


Hello gsmith,

I’m Tanawat. Nice to meet you. I have a few inquiries and need you to confirm the following questions.

Now, I installed Graylog (OVA) and I need to know how long Graylog (OVA) can keep the files,
and where is the path for keeping the files?

And can I search log files on the Web GUI or not?

Thank you for your reply.

@Tanawat
I’m not familiar with OVA; we don't use that for our production. If you need to ask a question or get advice, could you start a new post please. Maybe someone here would have those answers for you.
Thanks


Thank you for your reply 🙂

@gsmith I don’t think he needs to open up a new post for this since he and @Suebskul are from the same org, and since all of this is about the OVA, may as well just keep it all in one place.

@Suebskul @Tanawat I’ll answer the initial questions here:

Now we are using the Graylog virtual appliance. We would like to know where it keeps the logs?

Graylog doesn’t really “keep” the logs anywhere. Once a log message is ingested, it’s then stored in an Elasticsearch index. Those indices are stored on the filesystem, but the whole point of Graylog is that you’re not having to look at logs on a filesystem.

As we find more information, please confirm that the virtual appliance version is not suited for production use because it is unsecured?

The OVA just has a basic configuration to stand up Graylog. It’s your responsibility as an operator to take all the necessary steps to secure a Graylog deployment. If you’re unsure about where to start, Securing Graylog — Graylog 4.0.0 documentation covers securing Graylog. Elasticsearch and MongoDB both have their own security practices that you’ll need to take into consideration as well, and both of those products have their recommended security practices documented.

If the virtual appliance is not suitable for production use, and we change to install to Linux with Elasticsearch and MongoDB included, is that better for production or not? So can we follow the installation instructions at the link below?

I’m not sure what you mean by “If we change to install to Linux with Elasticsearch and MongoDB included”. If you’re looking at an AWS AMI or some other image that has this baked in, you’ll have to secure it as well.

What your questions read like to me is that your organization doesn’t have operational expertise around these technologies and you’re wanting a turnkey solution. If that’s an accurate read, then you’ll probably want to look at Graylog’s new hosted offering, which would minimize your need to deploy, care for and feed your Graylog installation.

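To make the reply above concrete, here is an added example (not from the original thread, not Graylog's documentation, and not the OVA's actual shipped configuration, which this page does not show) of the kind of settings an operator reviews in a Graylog 4 `server.conf` before exposing a node. The first fragment is a constructed bare-bones setup; the second is the same keys tightened. Every file path, hostname, proxy address, credential and the hash in the hardened part are placeholders to be replaced; enabling authentication on the Elasticsearch and MongoDB side is done in those products' own configuration, as the reply notes.

```ini
# ---- Fragment 1: bare-bones settings (constructed illustration of a weak setup) ----
root_username = admin
# SHA-256 of the string "admin": a guessable admin password, trivially reversed
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
# Short, shared secret used to encrypt stored credentials
password_secret = changeme
# Web interface and REST API on every interface, plain HTTP
http_bind_address = 0.0.0.0:9000
http_enable_tls = false
# Unauthenticated back ends
elasticsearch_hosts = http://127.0.0.1:9200
mongodb_uri = mongodb://localhost/graylog

# ---- Fragment 2: the same keys, hardened (placeholders marked) ----
root_username = admin
# Generate from a long, unique password:  echo -n '<password>' | sha256sum
root_password_sha2 = <sha256-of-long-unique-password, placeholder>
# At least 64 random characters; generate with:  pwgen -N 1 -s 96
password_secret = <96-random-characters, placeholder>
# Terminate TLS on the node itself (or bind to 127.0.0.1 and front it with a TLS proxy)
http_bind_address = 0.0.0.0:9000
http_enable_tls = true
# Placeholder paths; key file must be readable only by the graylog user
http_tls_cert_file = /etc/graylog/server/graylog.crt
http_tls_key_file = /etc/graylog/server/graylog.key
# Honour X-Forwarded-For only from your own reverse proxy (placeholder address)
trusted_proxies = 10.0.0.5/32
# Authenticated, encrypted connections to the back ends (placeholder hosts and credentials)
elasticsearch_hosts = https://es_user:es_password@es1.internal:9200
mongodb_uri = mongodb://graylog:mongo_password@mongo1.internal:27017/graylog
```

Two things worth checking after such a change: that `server.conf` itself is not world-readable, since it now carries the back-end credentials, and that the node is reachable only on the TLS port from the networks that need it, because a TLS setting in the application does not replace host or network firewalling.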

@aaronsachs
Lesson learned. My apologies.

Dear @aaronsachs,

Thank you for your reply. Nice to meet you.
I’m not good at English, but I will try my best to understand you.

We found more information at the link below
https://docs.graylog.org/en/4.0/pages/getting_started/planning.html

“Retention”

For “Most Graylog customers retain 30-90 days online (searchable in Elasticsearch) and 6-13 months of archives”, what does it mean?

And we tried to search logs and I found an error: “While retrieving data for this widget, the following error(s) occurred:” Detail as attached file.

Why can’t we search logs?

Anyway if you need more information from us, please kindly let us know.

Thank you for your kind support.