The free version of Graylog lets you capture up to 5GB of log per day. I only have one file server logging to Graylog but it appears to be consuming just over 5GB per day which is causing Graylog license to violate every week.
Is there a preferred method to only capture the logs I want in Graylog so I can whittle down my data consumption and be under the 5GB/day for logs?
My windows file server has the following advanced audit configuration parameters set:
- Audit Detailed File Share - Success
- Audit File Share - Success
- Audit File System - Success
- Audit Handle Manipulation - Success
I had created streams to only show me specific logs of interest but it seems there’s a lot more logs being captured than I want.
You can use pipelines to drop the messages,what you don’t want to see, or decrease the log types what you send in.
(or just shutdown your sender server )
The free version of Graylog lets you capture up to 5GB of log per day.
I like to clarify here:
Graylog is unlimited on a daily use level. The free Graylog Enterprise License - means the Enterprise features of Graylog - is limited to 5GB per day.
If you have more than 5GB of ingested logs, remove the Enterprise plugins and restart Graylog to have unlimited Graylog or contact Graylog Sales ( http://graylog.org/contact-sales ) to get a license that fits to your needs when you have the need of the Enterprise features.
The other option is what @macko003 suggest. Manipulate the messages and reduce the amount you ingest by only store what you really need.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.