Hello,
I would like to use graylog to monitor my servers, i.e. monitor ram, disk space and cpu. I’m just at the beginning since I only have a graylog server (with elastcisearch and mongodb directly installed on it) and a web server that sends all these logs to graylog. Both are on debian 11.
I understand that for the monitoring I want, I need to install metricbeat, but I can’t figure out the installation and how it works. Do I have to install it on the graylog server? On my web server? Or on both? And is there any documentation that explains the configuration of the latter? Because I haven’t found it and I don’t know how to do it.
You would put/install metricbeat.exe on the server you want to monitor - you would then need to adjust the local sidecar.yml file to recognize it, then build a configuration in Graylog that you would apply to it once it was recognized in Graylog. There are a couple of other configuration questions about metricbeats in the community that you can search for to find configuration tips… for example
Thank for your help @tmacgbay
I don’t have any sidecar on my graylog server and when I read the documentation about it I have doubts. I have to configure a sidecar directly on my graylog server to connect metricbeat? And this won’t be a problem for the other logs that I already receive?
What version of Graylog are you using? Here are the the most recent docs on sidecar. What are your doubts? - Sidecar is the preferred method of getting logs from Beats and/or NXLog.
You can create a separate Beats Input for Metricbeats logs, and store them in a stream/index that is separate from other logs so it won’t affect your other logs.
You configure metricbeat locally on the server you want to monitor which give the metricbeat basic information for running as well as pointers to your Graylog server. Once it sees and connects to the Graylog server, you can then use the Graylog GUI to define what you want to monitor and push the configuration out to the server. Sidecar on in the Graylog GUI allows you to create one log capturing configuration and push it out to multiple servers for consistency. The doc explains it reasonably well…
Also I noticed that I have no active connection in my input for metricbeat. However, the connections seem to be adding up (I’m at 45 and growing), I don’t know if this is normal
It looks like CPU stats are coming in on the messages you posted (Along with some errors…) The entire thing looks to be in JSON format, you just need to pick out the details in the fields and build a dashboard for visuals.
Honestly I don’t use metricbeat, while it works, Graylog is not particularly efficient in that direction (IMHO) I use Librenms for monitoring and metrics like that… not hard to set up, doesn’t take a lot to run and pulls all info from SNMP… as long as you don’t mind SNMP.
