Replace "logcheck" by Graylog?

1. Purpose: I’m looking into replacing “logcheck” with Graylog.
Currently I’m using “logcheck” on my Debian bare-metal server to become aware of events of interest. I’ve created an extensive regexp pattern list to suppress syslog lines which are not interesting, so that the “interesting” ones remain.

Ideally I would like to configure Graylog so that I have a resulting stream that shows “the same” events as before – the uninteresting ones filtered out, and the interesting ones remaining.

Does it sound like a good idea to use Graylog for this purpose?

I’m aware that I can create alerts to be immediately alerted when something really, well, “alerting” happens, but my intended use-case is for the daily business-as-usual stuff.

2. Describe your environment:

  • OS Information: Debian Bookworm

  • Package Version: 6.1, Docker “compose”-based install

  • Service logs, configurations, and environment variables: not relevant

3. What steps have you already taken to try and solve the problem?

I’ve installed Graylog. I’m kind of familiar with it already, but I’m definitely not an expert yet, although I believe I have a rough understanding of a major part of the available functionality.

I’ve also googled it already, but I couldn’t come up with any meaningful hits.

4. How can the community help?

Please, can you assess my idea and share your input? Does what I’m trying to accomplish even make sense, or is Graylog simply the wrong tool for it?

Many thanks in advance for your help.
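The logcheck-style ignore list described in the post, as an added example that is not from the post or from the Graylog project: it dry-runs the patterns against constructed syslog lines with logcheck's any-match-suppresses semantics and renders each pattern as a Graylog pipeline rule that calls drop_message(). Assumptions: the syslog header has been stripped from the patterns (Graylog's syslog inputs parse it into fields and leave only the body in the message field), and the rule names, hostname, address and sample lines are constructed.

```python
import re

# Constructed sample ignore list in logcheck's file format: one extended regex per line,
# '#' starts a comment. Assumption: the syslog header (timestamp + hostname) has been
# removed from the patterns, because Graylog's syslog inputs parse that header into the
# 'timestamp'/'source' fields and leave only the body in the 'message' field.
# logcheck patterns are POSIX ERE; classes like [[:alnum:]] must be rewritten ([A-Za-z0-9])
# before they work in Python or in Graylog's Java regex engine.
IGNORE_RULES = r"""
# routine cron jobs
^CRON\[[0-9]+\]: \(root\) CMD \(.*\)$
# systemd unit bookkeeping
^systemd\[1\]: (Started|Finished) .*\.$
"""

# Constructed sample syslog lines (hostname and address are placeholders).
SAMPLE_LOG = """\
Mar  3 06:25:01 host CRON[12345]: (root) CMD (test -x /usr/sbin/anacron || run-parts /etc/cron.daily)
Mar  3 06:25:02 host systemd[1]: Started Daily apt download activities.
Mar  3 06:26:10 host sshd[2200]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Mar  3 06:27:00 host kernel: [123.456] EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
"""

SYSLOG_HEADER = re.compile(r"^\w{3} [ :0-9]{11} \S+ ")  # "Mar  3 06:25:01 host "


def load_ignore_patterns(text):
    """Parse a logcheck-style ignore file into compiled regexes."""
    lines = (l.strip() for l in text.splitlines())
    return [re.compile(l) for l in lines if l and not l.startswith("#")]


def interesting_lines(log_text, patterns):
    """logcheck semantics: a line is suppressed if ANY ignore pattern matches; the rest remain."""
    kept = []
    for line in log_text.splitlines():
        body = SYSLOG_HEADER.sub("", line, count=1)   # what Graylog stores in 'message'
        if not any(p.search(body) for p in patterns):
            kept.append(line)
    return kept


def to_graylog_rule(name, pattern):
    """Render one ignore pattern as a Graylog pipeline rule that drops matching messages.
    Rule string literals use backslash escapes, so backslashes are doubled and quotes escaped.
    The patterns are anchored with ^ and $, so it does not matter whether regex() finds or matches."""
    escaped = pattern.pattern.replace("\\", "\\\\").replace('"', '\\"')
    return (f'rule "{name}"\nwhen\n'
            f'  has_field("message") && regex("{escaped}", to_string($message.message)).matches == true\n'
            'then\n  drop_message();\nend\n')


def generate_rules(patterns):
    """One rule per ignore pattern; names are constructed placeholders."""
    return [to_graylog_rule(f"logcheck ignore {i}", p) for i, p in enumerate(patterns, 1)]


if __name__ == "__main__":
    pats = load_ignore_patterns(IGNORE_RULES)
    print("\n".join(interesting_lines(SAMPLE_LOG, pats)))   # the two lines logcheck would report
    print("\n".join(generate_rules(pats)))
```

A pipeline rule only runs once its pipeline is connected to the stream that receives the syslog input, and drop_message() discards the noise entirely (the logcheck behaviour); keeping the noise searchable but out of a dedicated "interesting" stream means routing the remaining messages with route_to_stream instead.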
