I am a new system administrator that will be working with Graylog, however, I do have some questions on some situations that I need to debug quickly:
How do you debug a DoS or similar attack?, the think is that we hold several sites on one server so, querying gets a little messy, and identifying one of these attacks gets hard.
Are they any good ways to tag certain ‘anomalies’, programming language exceptions or other useful debugging information?, for example, if I have a request for nginx that generated an exception so, it returned server error as a response, how can I ‘link’ these together so I can debug successfully?.
Thank you in advance for looking into my question, looking to learn the most of this amazing tool!
One way would be is to monitor you Firewall. See if multiple different IP addresses connected to specific port/s or IP is connecting to contiguous port/s and the connection is timing out. This really depends on your environment variables. Graylog can do a lot in monitoring your environment, specially firewall and routers.
Happy New Year, and greetings @Minall. @gsmith As always, I appreciate your feedback and thought leadership on the best path along learning Graylog. Curious if this question applies to general questions regarding Graylog rather than Documentation Campfire, where the aim is to detect and fix issues in our docs (i.e. docs.graylog.com)?