I’m new to Graylog and am just getting things set up. I’m also not entirely sure how to generate a display of the logs we’re collecting.
My initial test is based on the documentation, using Beats.
Collector configuration installed on Windows PC:
server_url: http://gray.internal.lan:9000/api
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-226
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 2592000
tags: [win10]
backends:
  - name: nxlog
    enabled: false
    binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
    configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
  - name: winlogbeat
    enabled: true
    binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
    configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
  - name: filebeat
    enabled: true
    binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
    configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml
Tail of Winlogbeat log file:
2018-07-11T15:31:46-07:00 INFO EventLog[Security] successfully published 1 events
2018-07-11T15:32:12-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=1778104 beat.memstats.memory_total=1282196616 libbeat.config.module.running=0 libbeat.output.events.acked=1 libbeat.output.events.batches=1 libbeat.output.events.total=1 libbeat.output.read.bytes=6 libbeat.output.write.bytes=1284 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 libbeat.pipeline.events.published=1 libbeat.pipeline.events.total=1 libbeat.pipeline.queue.acked=1 msg_file_cache.SecurityHits=1 published_events.Security=1 published_events.total=1 uptime={"server_time":"2018-07-11T22:32:12.2667005Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h52m33.1837093s","uptime_ms":"21153183709"}
2018-07-11T15:32:42-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=1888408 beat.memstats.memory_total=1282306920 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 uptime={"server_time":"2018-07-11T22:32:42.2660404Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h53m3.1830492s","uptime_ms":"21183183049"}
2018-07-11T15:33:11-07:00 INFO EventLog[Security] successfully published 1 events
2018-07-11T15:33:12-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=3538240 beat.memstats.memory_total=1283956752 libbeat.config.module.running=0 libbeat.output.events.acked=1 libbeat.output.events.batches=1 libbeat.output.events.total=1 libbeat.output.read.bytes=6 libbeat.output.write.bytes=1256 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 libbeat.pipeline.events.published=1 libbeat.pipeline.events.total=1 libbeat.pipeline.queue.acked=1 msg_file_cache.SecurityHits=1 published_events.Security=1 published_events.total=1 uptime={"server_time":"2018-07-11T22:33:12.2658835Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h53m33.1828923s","uptime_ms":"21213182892"}
2018-07-11T15:33:42-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=3675624 beat.memstats.memory_total=1284094136 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 uptime={"server_time":"2018-07-11T22:33:42.2654713Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h54m3.1824801s","uptime_ms":"21243182480"}
2018-07-11T15:34:12-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30001 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=1748712 beat.memstats.memory_total=1284195864 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 uptime={"server_time":"2018-07-11T22:34:12.2654671Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h54m33.1824759s","uptime_ms":"21273182475"}
2018-07-11T15:34:42-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=29999 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=1849840 beat.memstats.memory_total=1284296992 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 uptime={"server_time":"2018-07-11T22:34:42.2645915Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h55m3.1816003s","uptime_ms":"21303181600"}
2018-07-11T15:35:12-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=1956496 beat.memstats.memory_total=1284403648 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 uptime={"server_time":"2018-07-11T22:35:12.2638176Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h55m33.1808264s","uptime_ms":"21333180826"}
2018-07-11T15:35:42-07:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=4194304 beat.memstats.memory_alloc=2058384 beat.memstats.memory_total=1284505536 libbeat.config.module.running=0 libbeat.pipeline.clients=3 libbeat.pipeline.events.active=0 msg_file_cache.SecuritySize=-1 uptime={"server_time":"2018-07-11T22:35:42.2641025Z","start_time":"2018-07-11T16:39:39.0829912Z","uptime":"5h56m3.1811113s","uptime_ms":"21363181111"}
2018-07-11T15:35:55-07:00 INFO EventLog[Security] successfully published 1 events
Collectors: