So I installed, set up and configured some hosts to send their logs to Graylog. It works great, I can search and find whatever I want.
I’ve read pretty much the entire Graylog documentation and understand how it works, in some degree at least. The docs are great in explaining what each part does, but it’s also evident that setting it up properly is not an easy task (I didn’t think it was).
So now I’m looking for a guide that deals with setting up for the bigger picture written from experience.
Ooofff… Now, I’ve read plenty of good tutorials online, and I’ve written a fairly big design and implementation guide for my customer(s) but I can’t share that one with you. So: good question!
I know the Graylog team provide an actual training course as well. Maybe someone should write an actual, big book for that.
But as you already pointed out, there’s not much out there regarding actual long-time experiences. The closest you’ll find are these forums, which have lots of valuable information mixed in with the weekly same-question-every-week topics.