@gsmith I don’t think he needs to open up a new post for this since he and @Suebskul are from the same org, and since all of this is about the OVA, may as well just keep it all in one place.
@Suebskul @Tanawat I’ll answer the initial questions here:
Now we are using Graylog virtual appliance. we would like to know where does it keep the logs?
Graylog doesn’t really “keep” the logs anywhere. Once a log message is ingested, it’s then stored in an Elasticsearch index. Those indices are stored on the filesystem, but the whole point of Graylog is that you’re not having to look at logs on a filesystem.
As we find more information, please confirm that the virtual appliance version is not suited to use as a production because it is unsecured?
The OVA just has a basic configuration to stand up Graylog. It’s your responsibility as an operator to take all the necessary steps to secure a Graylog deployment. If you’re unsure about where to start, Securing Graylog — Graylog 4.0.0 documentation covers securing Graylog. Elasticsearch and Mongodb both have their own security practices that you’ll need to take into consideration as well, and both of those products have their recommended security practices documented.
If the virtual appliance is not suitable for use in the production. If we change to install to Linux with Elasticsearch and MongoDB included is that better use for the production or not? So can we follow the installation instruction by the link below?
I’m not sure what you mean by “If we change to install to Linux with Elasticsearch and MongoDB included”. If you’re looking at an AWS AMI or some other image that has this baked in, you’ll have to secure it as well.
What your questions read like to me is that your organization doesn’t have operational expertise around these technologies and you’re wanting a turnkey solution. If that’s an accurate read, then you’ll probably want to look at Graylog’s new hosted offering, which would minimize your need to deploy, care and feed your Graylog installation.