In-depth guide for proper setup of log monitoring

So I installed, set up and configured some hosts to send their logs to Graylog. It works great, I can search and find whatever I want.

I’ve read pretty much the entire Graylog documentation and understand how it works, to some degree at least. The docs are great at explaining what each part does, but it’s also evident that setting it up properly is not an easy task (I didn’t think it was).

So now I’m looking for a guide that deals with setting up for the bigger picture written from experience.

If you know something out there please share it.


Ooofff… Now, I’ve read plenty of good tutorials online, and I’ve written a fairly big design and implementation guide for my customer(s) but I can’t share that one with you. So: good question!

I know the Graylog team provide for an actual training course as well. Maybe someone should write an actual, big book for that :slight_smile:

Can you share those then because I’m not really finding any.

Well, I too have mostly gone by the official docs, like:

And the Several Nines blogpost:

But as you already pointed out, there’s not much out there regarding actual long-time experiences. The closest you’ll find are these forums, which have lots of valuable information mixed in with the weekly same-question-every-week topics.

