Hello,
I am using Splunk at work and I’ve learned a lot about, and have been have lots of fun with it. However, I don’t have the cash for Splunk at home, and I’ve recently learned about Graylog. I’ve installed it on a VM on my FreeNAS box. I’m currently using 4 GB of RAM and can assign more if necessary.
I have a Wordpress website on a VPS with Ubuntu Server 18.04 (and several on a separate shared host). My goal is to send syslogs and mysql logs from - at minimum - to my VPS to my Graylog server to play with the queries. Potentially, I’d like to send logs from my shared host to my VM instance too. I want to be able to create reports of the data, learn about when the bots are crawling my site, as well as create notification on when error occur.
Because I’m currently on a Carrier-grade NAT within an apartment community, I am unable to do any port-forwarding and dynamic DNS - trust me I’ve tried. Therefore, I cannot assign my VM to a port to send logs from my VPS to my Graylog server on my VM on my local network.
From what I understand in the documentation, Graylog nodes (such as my VPS) can send data to the primary Graylog node (my VM). However, I don’t believe my Graylog VM can “grab” logs from a remote server. Am I correct about that?
Additionally, I’m currently running a lean VPS with only 1GB RAM and I don’t believe that’s enough to standup a Graylog installation to run Graylog alongside my WordPress install.
If that is true, the only other thing that I can think of is to write a script to package my syslogs and mysql logs to a Dropbox folder locally, which then syncs to my VM. Or something along those lines. Backblaze might also be an option with their CLI. Then have Graylog ingest that data.
It’s possible I misunderstood the documentation and I’ve run out of options? Any thoughts and ideas are certainly welcome.