The free version of Graylog lets you capture up to 5GB of logs per day. I only have one file server logging to Graylog, but it appears to be consuming just over 5GB per day, which is causing the Graylog license to be violated every week.
Is there a preferred method to only capture the logs I want in Graylog so I can whittle down my data consumption and be under the 5GB/day for logs?
My Windows file server has the following advanced audit configuration parameters set:
Object Access
Audit Detailed File Share - Success
Audit File Share - Success
Audit File System - Success
Audit Handle Manipulation - Success
I had created streams to only show me specific logs of interest, but it seems there are a lot more logs being captured than I want.
You can use pipelines to drop the messages that you don't want to see, or decrease the log types that you send in.
(or just shut down your sender server)
The free version of Graylog lets you capture up to 5GB of log per day.
I'd like to clarify here:
Graylog is unlimited on a daily use level. The free Graylog Enterprise License, meaning the Enterprise features of Graylog, is limited to 5GB per day.
If you have more than 5GB of ingested logs, remove the Enterprise plugins and restart Graylog to have unlimited Graylog, or contact Graylog Sales ( http://graylog.org/contact-sales ) to get a license that fits your needs when you need the Enterprise features.
The other option is what @macko003 suggests. Manipulate the messages and reduce the amount you ingest by only storing what you really need.
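
A pipeline rule of the kind suggested in the replies above, as an added example that is not part of the thread. It drops the two event IDs that the Audit Handle Manipulation subcategory emits (4658 and 4690) and leaves the file and share access events (for example 4663 and 5145) in place; the field names `EventID` and `Channel` are assumptions, since they depend on the log shipper in use.

```graylog
// Added example, not from the thread.
// Assumption: the shipper stores the Windows event ID in "EventID" and the
// event log name in "Channel". Check a sample message and adjust the names.
rule "drop handle bookkeeping events from file server audit"
when
  has_field("EventID") AND
  has_field("Channel") AND
  to_string($message.Channel) == "Security" AND
  (
    to_long($message.EventID, 0) == 4658 OR   // the handle to an object was closed
    to_long($message.EventID, 0) == 4690      // a handle to an object was duplicated
  )
then
  // The message is discarded here and is never written to the index.
  drop_message();
end
```

The rule only takes effect once its pipeline is connected to the stream on which the file server's messages arrive. Before enabling it, count messages per event ID over one day so the drop list reflects what actually drives the volume.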