Keep Metadata/Statistics While Aging-Out Logs


I was wondering if it’s possible to maintain metadata from the logs, like usage statistics, while discarding the informational logs we no longer need. We have some devices that are very verbose, like our firewall logging every single connection, permitted or denied, which results in significantly more logs that we care to keep, but we would still like to have the metadata gleaned from the logs.

Am I missing something in Graylog or is there maybe an add-on?

Thank you, everyone, for entertaining my ignorance.

nope that is not possible.

you might want to have multiple indices, extracting important information into a new event and keep the origin message only for a few days but the new created messages as long as you want to have that.

Does that make sense to you?

Yes, I think that makes sense. Is there a way to generate log data based on the current stats in Graylog? For example, if we have certain statistics in our dashboard or custom search, could we periodically log that with built-in facilities in Graylog? Or would we required using some external resources (such as a scripting that pulls the data via REST API and then re-logs it back to Graylog into another index)?

currently yes - you need something external. But the upcoming release will contain something that enables you todo this just with Graylog.

That’s unfortunate for the time being, but great to hear.

Thank you very much, Jan.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.