We have a few inquiries and need you to confirm the following questions regarding Graylog.
Now we are using the Graylog virtual appliance. We would like to know where it keeps the logs.
As we found more information, could you please confirm that the virtual appliance version is not suited for production use because it is unsecured?
If the virtual appliance is not suitable for use in production: If we change to install to Linux with Elasticsearch and MongoDB included, is that better for production use or not? So can we follow the installation instructions at the link below?
We are really new to Graylog, so it would be great to get to know more about it. Anyway, if you need more information from us, please kindly let us know.
@Tanawat
I'm not familiar with OVA; we don't use that for our production. If you need to ask a question or for advice, could you start a new post please? Maybe someone here would have those answers for you.
Thanks
@gsmith I don't think he needs to open up a new post for this since he and @Suebskul are from the same org, and since all of this is about the OVA, may as well just keep it all in one place.
Now we are using the Graylog virtual appliance. We would like to know where it keeps the logs.
Graylog doesn't really "keep" the logs anywhere. Once a log message is ingested, it's then stored in an Elasticsearch index. Those indices are stored on the filesystem, but the whole point of Graylog is that you're not having to look at logs on a filesystem.
As we found more information, could you please confirm that the virtual appliance version is not suited for production use because it is unsecured?
The OVA just has a basic configuration to stand up Graylog. It's your responsibility as an operator to take all the necessary steps to secure a Graylog deployment. If you're unsure about where to start, https://docs.graylog.org/en/4.0/pages/secure/securing.html covers securing Graylog. Elasticsearch and MongoDB both have their own security practices that you'll need to take into consideration as well, and both of those products have their recommended security practices documented.
If the virtual appliance is not suitable for use in production: If we change to install to Linux with Elasticsearch and MongoDB included, is that better for production use or not? So can we follow the installation instructions at the link below?
I'm not sure what you mean by "If we change to install to Linux with Elasticsearch and MongoDB included". If you're looking at an AWS AMI or some other image that has this baked in, you'll have to secure it as well.
What your questions read like to me is that your organization doesn't have operational expertise around these technologies and you're wanting a turnkey solution. If that's an accurate read, then you'll probably want to look at Graylog's new hosted offering, which would minimize your need to deploy, care and feed your Graylog installation.
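As an added illustration of the answer above about where the ingested messages actually sit (example script, not from the thread or the Graylog project): it reads `path.data` from an elasticsearch.yml and filters a `_cat/indices` listing down to Graylog's own index-set indices. It assumes Elasticsearch 6.x/7.x on the same host with the stock `nodes/0/indices` on-disk layout and the default `graylog` index prefix; the config file and listing below are constructed so it runs offline.

```shell
#!/bin/sh
# Added example: find where Graylog's messages live on disk.
# Assumes Elasticsearch 6/7 (path.data/nodes/0/indices layout) and the
# default Graylog index prefix. Sample inputs below are constructed.

# Resolve path.data from an elasticsearch.yml; ES default is /var/lib/elasticsearch.
es_data_path() {
  p=$(sed -n 's/^[[:space:]]*path\.data:[[:space:]]*//p' "$1" | tr -d '"' | head -n 1)
  printf '%s\n' "${p:-/var/lib/elasticsearch}"
}

# Directory that holds the shard data of the first data node on this host.
es_index_dir() {
  printf '%s/nodes/0/indices\n' "$(es_data_path "$1")"
}

# From `_cat/indices?h=index,uuid,store.size` output, keep only Graylog
# index-set indices (named <prefix>_<n>) and print "index uuid size".
# The uuid is the directory name under es_index_dir; the index name is not.
graylog_indices() {
  awk '$1 ~ /^graylog_[0-9]+$/ { print $1, $2, $3 }' "$1" | sort
}

# ---- constructed sample data so the script runs without a live cluster ----
tmp=$(mktemp -d)
cat > "$tmp/elasticsearch.yml" <<'EOF'
cluster.name: graylog
path.data: /srv/es/data
network.host: 127.0.0.1
EOF
cat > "$tmp/cat_indices.txt" <<'EOF'
graylog_0 abc123 4.2gb
.kibana_1 k1 12kb
graylog_1 def456 1.1gb
gl-events_0 ev1 3mb
EOF

main() {
  echo "Elasticsearch data path: $(es_data_path "$tmp/elasticsearch.yml")"
  echo "Shard directories under: $(es_index_dir "$tmp/elasticsearch.yml")"
  echo "Graylog message indices (index uuid size):"
  graylog_indices "$tmp/cat_indices.txt"
  # On a real host, feed the live listing instead of the sample file:
  # curl -s 'localhost:9200/_cat/indices?h=index,uuid,store.size' > "$tmp/cat_indices.txt"
}
main
```

Anything under that directory is Elasticsearch's own shard data (Lucene segments, not readable log files), which is why the answer above says you work with the messages through Graylog rather than on the filesystem.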