@@LAWRENCESYSTEMS Thank you for your reply man! Do you know where you could possibly point me in the right direction - I have been chasing my tail any insight would be greatly appreciated.
I have been a linux admin for about as long as linux admins have been a thing, but I have managed to avoid Docker for some reason. I saw that this was on docker and it was a project I wanted to try... my first instinct was "No, find the source" but I decided to give it a shot. Thanks for making this really easy.
Must have paused and rewound the video about 100 times but got my pfsense logs flowing to a graylog testbed as per this video. Requested a login acct as "mark" on your Forum to post some further questions. Great video.
Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256sum for the password - this stops the password being visible in that user's history. Minor thing but I've heard of history files being a juicy target like this.
Your are a life saver. I tried official docker compose but only to fail. Your configuration work like charm. Awesome stuff here! really appreciate your work
14:08 you can mark, that new user with own timezone will be see logs with corrected time and mark diff that admin see utc. This video is better then previous. Good job and I hope you create a video about extractors.
Thanks for the updated tutorial! I set up graylog using docker compose a few months back, and followed the old video for the in-app setup part. It's great for folks to have an up-to-date version of the instructions. For anyone looking to set this up - inevitably some servers will disagree about the timezone, so even if you set your user and timezone correctly, its worth having a pipeline that can adjust a source between UTC and local time.
I'm just guessing but maybe making sure the timezone set in the docker compose environment variable matches that of the server docker is running on is a good place to start. :)
@16:35 - why does graylog don't have template extractors (plus make it auto detect) for standard stuff: windows.linux-pc/laptops/servers, mac, pfsense, etc...?
Maybe I missed it but I don't think you mentioned the pros/cons of installing via docker instead of a "normal" install. I'd also be interested in your opinion on graylog vs loki/grafana. Also you're using opensearch and I think elastic was my only option when I set this up and I'm not a fan of elastic -- would be interested in hearing why you chose opensearch. I have graylog running in a proxmox vm that I set up years ago. Struggled to get it setup and configured, I have some ongoing issues where some feeds have accurate times and others have their timestamps in a different timezone, but it feels like such a headache to configure as a hobbyist who doesn't work with it daily. I know there's a lot more I could be getting out of it, but right now it basically sits as a "well if something goes terribly wrong i can search graylog" and that's about the extent of the value I get from it. Thinking about switching to loki/grafana in the hopes the config is easier for someone who doesn't interact with it daily where currently any changes I want to make mean I'm going to spend hours researching the syntax or formatting for graylog. It's 100% lack of familiarity on my part combined with user error but the thought of having to make changes to graylog gives me a headache.
Docker is easier to use and maintain for Graylog, the Elasitic licence changes as I understand them makes OpenSeach a better choice, Loki looks much more complicated to configure.
@@LAWRENCESYSTEMS Thanks Tom! I found Graylog's youtube channel has a video on migrating from elastic to Opensearch so it looks like that might be in my future. Sounds like my hopes on Loki won't likely pan out then haha.
@Lawrencesystems Tom, Have you used the SIEM product (Graylog Security) before. I'm interested in a platform like that to help with cyber threats. Do have any other suggestions as far as an SIEM log platform?
Thanks for the great tutorial! I would be interested in a discussion about Sentry - an open source tool for catching unhandled exceptions, collecting related context data and alerting the developers. It seems that some of this logic can be implemented with Graylog, and I was wondering whether it makes sense to use both systems, or if one would suffice.
Great quick tutorial! However the part I am most struggling with is the connection between inputs, streams, indices and extractors. A comprehensive overview of the architectural model of Graylog would be much appreciated.
Hello Tom! I managed to setup this just like you. I use version 5.1. Is there a guide or is there a way you can help to setup the SSL certs so I can use a https?
Having multiple issues with docker compose erroring on the depends_on section of the YAML, first error is needs to be an array and then values need to be a string, any ideas ?
I'd really like to use it but the fact that "log view" is behind the enterprise version paywall is just insane. will stay with Grafana Loki as logs are just so much easier to read there - such a shame for homelab users like me.
Thanks for the recommendations! Was a bit finicky but got it running on my proxmox cluster and ingesting logs from the xigmanas box now! nice to have logs I can search instead of losing on reboot. Anyone else going thru the install make sure you set the CPU up to at least x86_64_v3 for the intruction set for mongodb. Took me a bit to find the error.
But 1514 is unencrypted right?, I mean syslog data are being sent "naked"? It means that network connection should be trustfull. Like separate VLAN or something?
Thank you for making this video. I know we all copy and paste at times for expediency. However, to recommend that users do this, in a video, may enforce dangerous behaviors. Should people just have common sense and read the commands before they paste them? Yes, of course. But, hey, that's what we have disclaimers for. "If you feel confident in my instructions, and you are running this in a development environment, you can go ahead and copy and paste these commands into your terminal." Obviously, if your hat is really, really dark, making people dumber is obviously a worthwhile goal.
Saw in the latest docs that the virtual appliances is no longer available, neither able to find the OVA image. Not sure if its possible to install this in docker on a mac setup.
This was a great tutorial, Thank you. Do you know if its possible to have Graylog record information on each of the TCP sessions from PFsense firewall, for example, how many bytes sent/received for each TCP session, and if the TCP session ended with FIN or RST ?
Hi Tom, great guide. I have tried to install graylog on my Ubuntu Server VM in proxmox, and I'm stuck in " sudo docker-compose up", if I run it as it is I tells me I have no permissions to run, but if I add "sudo" in front of the command, it seems to be doing it, except it keeps running and running . Seems as if it is actually running the daemon, but not in the background. I also tried opening the URL on port 9000 , but there is nothing
Great video, love the platform and install guide! What variable can I use in the email notification template to see the source IP of the device that generated the log entry? I tried using ${field.src_ip} but it just shows blank in the email.
One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (opensearch). If you try and use docker-compose to store the data on an NFS volume, the container fails to launch as it seems the image is trying to run chown on the data storage directory, which I guess nfs doesn't allow.
I have the exact same problem. Did you ever fix? Are you using TrueNAS to serve the NFS? I am- I believe the solution is either dataset permissions or the NFS share mapping. Have read a bunch on NFS permissions and I cannot seem to figure this out.
@@charlescc1000I never did, no, but I didn't spend a ton of time trying as it wasn't that critical. I suspect the best approach would be to tweak the docker image so it doesn't try and fiddle with ownership/permissions.
Hi Tom, I added this to my existing docker (installed via apt) but the graylog container is not starting up. I'm getting this in the logs: com.mongodb.MongoSocketException: mongodb: Temporary failure in name resolution Caused by: java.net.UnknownHostException: mongodb: Temporary failure in name resolution 2023-05-13 15:13:58,222 INFO : org.graylog2.bootstrap.preflight.MongoDBPreflightCheck - MongoDB is not available. Retry #1 2023-05-13 15:14:00,222 INFO : org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out I've tried removing and re-deploying but no luck.
i'm trying to find a way to have it alert me when dhcp leases are given out for new MAC addresses on the network, i have this working via syslog-ng and a bash script but if i can do through the GUI in Greylog that would be great
I may have done something wrong because messages are only hitting the very last stream/indices I created. In other words, PFsense was the first one created, and messages were hitting it. The last one I created was for a Cisco switch, and now no PfSense messages, but lots of messages to the Cisco switch. Any thoughts on this? Thanks!
Strange, last night I finally got around to starting work on testing a Graylog server. noticed your instructions were for V4, and decided I would do get the docker image working today.. now Look at this! what timing.
I've more than 25 docker containers running on few different VMs, I'm no expert in docker but not really a newbie either But starting Graylog? I just can't do it The way they implemented the $USER is beyond my understanding Keep getting stuck at this error when Graylog is starting: ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist! (And yes it exist, and it is mapped correctly) I've tried to set user variables, tried to change directly the mounted directory ownership to 1100:1100 I've tried with other versions of docker-compose Tried also changing the owner to docker:docker Executed multiple times that "sudo usermod -aG docker $USER" Rebooted the server, tried other mounting points that are not in the /home directory Nothing works Sorry but the Graylog docker image is broken for me (and no I'm not using snap docker package even tho I'm running on Ubuntu Server) Thank you for the tutorial but sadly I might have to many skill issues to solve this
Clean install of Ubuntu 22.04. Graylog container wont start. Stays in thee 'starting' status. I then instead install graylog natively with opensearch and mongo. Runs without issue. Something wrong with the compose file maybe?
Thanks for the video for deploying graylog. It seems your demo server has 8 core 4GB memory. I know it is for demo purpose. But how can I calcurate the necessary hardware resource for certain system ?
@@LAWRENCESYSTEMS awesome! I’ve seem companies say “use this for testing and not production” so it’s good to hear that’s not the case here! Like you mentioned on HLS, using docker compose is an easy way to not worry about Linux distro for your apps! Lol
It’s odd I set this up and found that windows 11 default firewall blocks port 9000 so I thought it wasn’t working and then decided to try my phone and it was working except that some reason my password I placed was not working.
Very cool video! I'll definitely be watching it! If I may make a request for another video: could you do one on Fluentbit/Fluentd? (I never know what to call it). It's always been such a headache for me to get back into the config logic once something decides to break again, but it's otherwise been working so perfectly for us! I'd love to see your take on it and see if I missed anything.
Zabbix is not a log server, Prometheus is not really a log server, and I don't think ELK Stack is open source anymore. Maybe I should do a video on monitoring vs logging.
Great video - I used your compose file and i get this "mongodb exited with code 132" every time I try to run docker-compose up. I can't find any errors - It runs on proxmox in a ubuntu 22.04 LTS VM. any ideas ?
@@LAWRENCESYSTEMS I didn't put specific IP yet on the syslog. May I know what is the command to show the syslog were I can input the switch ip or if there's a guide on how to add switches and router in graylog. I really need your help sir. Thanks
Hey Tom, could you make a video about zabbix as a comparison. It has pre-defined templates and triggers for the most popular systems, linux, windows, firewalls, etc. Very powerful tool. I would love to see it on your channel. It comes containerized as well.
@@LAWRENCESYSTEMSI think your focus is wrong on this because ipv6 has many advantages and we will have to move to it anyway, so better be up to date sooner than later
Running the docker-compose as built, and getting this error - The Compose file './docker-compose.yml' is invalid because: services.graylog.depends_on contains an invalid type, it should be an array Google fu says it's a docker version problem, and worked with older, and newer, but not the in between? I'm a docker newB.
Hey Tom, thanks for your amazing videos! Small request, would it be possible to raise the volume on your videos, I find it even with my speakers cranked to to max I still have a hard time hearing you. (If it's too loud for someone they can always reduce volume vs raising isn't always possible).
@@LAWRENCESYSTEMS Looking forward to it. Been struggling to implement that for my org, and can't find a useful tutorial for implementing sidecar with Graylog containorized
My Graylog 5 Forum Post with commands
lawrence.video/graylog5
Do you know of a way to get the Wazuh4.4.1 docker deployment {using their cert generator} along side with graylog5.0?
@@fxdtech I do not.
@@LAWRENCESYSTEMS Thank you for your reply man! Do you know where you could possibly point me in the right direction - I have been chasing my tail any insight would be greatly appreciated.
@@fxdtech I don't use it so I don't know
Quick Question: What shell is that? I like the wrapping around for the command.
Tom, thank you. This is what makes you stand out. You dont explain only how but also why. So many things now people write a guide only on how.
I would vote that once the technology exists and is safe, we clone Tom first!
I have been a linux admin for about as long as linux admins have been a thing, but I have managed to avoid Docker for some reason. I saw that this was on docker and it was a project I wanted to try... my first instinct was "No, find the source" but I decided to give it a shot.
Thanks for making this really easy.
Must have paused and rewound the video about 100 times but got my pfsense logs flowing to a graylog testbed as per this video. Requested a login acct as "mark" on your Forum to post some further questions.
Great video.
Great guide, thanks for the info. Tip for those who use proxmox as vm host. Put your CPU in Host mode as otherwise mongodb will not work.
I did this as an assignment a few months before I graduated. I did not set it up on my own server at the time. Thanks for making this video!
Minor thing - I'd recommend adding an extra space to the beginning of the echo command at the early stage where you create the SHA256sum for the password - this stops the password being visible in that user's history. Minor thing but I've heard of history files being a juicy target like this.
Yeah, good point for sure. Running though the bash history is a great info gathering technique.
@@LAWRENCESYSTEMS I think I learned that method on your channel actually, you guys are doing God's work here that's for sure
Great tip as I was wondering how to avoid that opsec issue after looking the my history
Your are a life saver. I tried official docker compose but only to fail. Your configuration work like charm. Awesome stuff here! really appreciate your work
This was great. Thank you Lawrence for taking the time to do this for us. I for one am adding this to the list of things to build this weekend.
14:08 you can mark, that new user with own timezone will be see logs with corrected time and mark diff that admin see utc.
This video is better then previous. Good job and I hope you create a video about extractors.
and, where you have a extractors for unifi ?
Thanks for the updated tutorial! I set up graylog using docker compose a few months back, and followed the old video for the in-app setup part. It's great for folks to have an up-to-date version of the instructions. For anyone looking to set this up - inevitably some servers will disagree about the timezone, so even if you set your user and timezone correctly, its worth having a pipeline that can adjust a source between UTC and local time.
I'm just guessing but maybe making sure the timezone set in the docker compose environment variable matches that of the server docker is running on is a good place to start. :)
So Tom really just made the video to get his shirt fixed. I knew he didn't just make videos for education alone! 😂
Graylog will probably just send him a patch.
And an excellent exchange of about 20 hours to make the video in exchange for a shirt, too
I was literally about to go over your previous video for exactly this. Great video as always! Thanks Tom!
@16:35 - why does graylog don't have template extractors (plus make it auto detect) for standard stuff: windows.linux-pc/laptops/servers, mac, pfsense, etc...?
Haven't watched the video YET.... But love the "tutorial" image on the thumbnail. Nice touch!
Thank you Tom , awesome video ... graylog looks very interesting as a centralized logging solution
Thanks. Using Grayling but your video showed some great ways to modify it.
And love the glasses look!
Just what I needed! Thanks Tom for all you hard work.
Maybe I missed it but I don't think you mentioned the pros/cons of installing via docker instead of a "normal" install. I'd also be interested in your opinion on graylog vs loki/grafana. Also you're using opensearch and I think elastic was my only option when I set this up and I'm not a fan of elastic -- would be interested in hearing why you chose opensearch. I have graylog running in a proxmox vm that I set up years ago. Struggled to get it setup and configured, I have some ongoing issues where some feeds have accurate times and others have their timestamps in a different timezone, but it feels like such a headache to configure as a hobbyist who doesn't work with it daily. I know there's a lot more I could be getting out of it, but right now it basically sits as a "well if something goes terribly wrong i can search graylog" and that's about the extent of the value I get from it. Thinking about switching to loki/grafana in the hopes the config is easier for someone who doesn't interact with it daily where currently any changes I want to make mean I'm going to spend hours researching the syntax or formatting for graylog. It's 100% lack of familiarity on my part combined with user error but the thought of having to make changes to graylog gives me a headache.
Docker is easier to use and maintain for Graylog, the Elasitic licence changes as I understand them makes OpenSeach a better choice, Loki looks much more complicated to configure.
@@LAWRENCESYSTEMS Thanks Tom! I found Graylog's youtube channel has a video on migrating from elastic to Opensearch so it looks like that might be in my future. Sounds like my hopes on Loki won't likely pan out then haha.
7:30 How does one sign up for MailHop? Looks like their website is just a page stating there's no website. 😅
super awesome video, I'm a huge fan of graylog.
Very useful video, THX Lawrence .
Fantastic tutorial, Tom. I'd love to see how to bring in pfBlocker logs into Graylog.
TOM IS BACK WITH THE GOODS!
So an index is just a way to do high level categorizing/grouping of data sets/sources?
@Lawrencesystems
Tom, Have you used the SIEM product (Graylog Security) before. I'm interested in a platform like that to help with cyber threats. Do have any other suggestions as far as an SIEM log platform?
We use Blumira ruclips.net/video/5dytu5YW0LY/видео.htmlsi=LmRTQTgeaT-4otYk
Thanks for the great tutorial! I would be interested in a discussion about Sentry - an open source tool for catching unhandled exceptions, collecting related context data and alerting the developers. It seems that some of this logic can be implemented with Graylog, and I was wondering whether it makes sense to use both systems, or if one would suffice.
Great quick tutorial! However the part I am most struggling with is the connection between inputs, streams, indices and extractors. A comprehensive overview of the architectural model of Graylog would be much appreciated.
Hello Tom!
I managed to setup this just like you. I use version 5.1.
Is there a guide or is there a way you can help to setup the SSL certs so I can use a https?
I have a video on HAProxy which is how I use it, but any reverse proxy should be fine.
Thank you kind sir!@@LAWRENCESYSTEMS
Having multiple issues with docker compose erroring on the depends_on section of the YAML, first error is needs to be an array and then values need to be a string, any ideas ?
my exact problem ... did you manage to sort the array thing?
I'd really like to use it but the fact that "log view" is behind the enterprise version paywall is just insane.
will stay with Grafana Loki as logs are just so much easier to read there - such a shame for homelab users like me.
Thanks for the recommendations! Was a bit finicky but got it running on my proxmox cluster and ingesting logs from the xigmanas box now! nice to have logs I can search instead of losing on reboot. Anyone else going thru the install make sure you set the CPU up to at least x86_64_v3 for the intruction set for mongodb. Took me a bit to find the error.
Really great video, thank you. Very clear, detailed and last but not least: usefull
Is there a way to set this up over https? I want greylog itself to have the https cert.
But 1514 is unencrypted right?, I mean syslog data are being sent "naked"? It means that network connection should be trustfull. Like separate VLAN or something?
In the demo I was sending logs unencrypted to that port. Graylog supports some encrypted protocols forlogs but not all devices support sending them.
Finnnnnnalllly the notification I’ve been waiting for
Thank you for making this video. I know we all copy and paste at times for expediency. However, to recommend that users do this, in a video, may enforce dangerous behaviors. Should people just have common sense and read the commands before they paste them? Yes, of course. But, hey, that's what we have disclaimers for. "If you feel confident in my instructions, and you are running this in a development environment, you can go ahead and copy and paste these commands into your terminal." Obviously, if your hat is really, really dark, making people dumber is obviously a worthwhile goal.
great tutor, i see the workflow and what it can do.
Saw in the latest docs that the virtual appliances is no longer available, neither able to find the OVA image.
Not sure if its possible to install this in docker on a mac setup.
This was a great tutorial, Thank you. Do you know if its possible to have Graylog record information on each of the TCP sessions from PFsense firewall, for example, how many bytes sent/received for each TCP session, and if the TCP session ended with FIN or RST ?
Maybe with netflow, I have not tried.
Does gray log provide functionality in addition to wazuh ? Or they are same.
Wazuh is more focused on security.
This is really nice. Thanks for sharing.
I was getting some "depends_on" errors when trying to run the docker-compose
I fixed it by using "docker compose" instead of "docker-compose" command
Thank you! I was having the same problem.
thank you much man.
Hi Tom, great guide. I have tried to install graylog on my Ubuntu Server VM in proxmox, and I'm stuck in " sudo docker-compose up", if I run it as it is I tells me I have no permissions to run, but if I add "sudo" in front of the command, it seems to be doing it, except it keeps running and running . Seems as if it is actually running the daemon, but not in the background. I also tried opening the URL on port 9000 , but there is nothing
At the 2 minute mark I mention Ubuntu installing docker as a Snap package what is probably the issue
@@LAWRENCESYSTEMS thanks for the quick reply. I am trying various things, will reply on your Forum
Great video, love the platform and install guide!
What variable can I use in the email notification template to see the source IP of the device that generated the log entry? I tried using ${field.src_ip} but it just shows blank in the email.
It varies based on the field each log uses to store that. Their forums are a great resource for those details.
Hi Tom, as always, such a great tutorial. Thanks so much 🫶
Glad you enjoyed it!
One thing I cannot for the life of me figure out is how to use NFS to store the actual log data (opensearch). If you try and use docker-compose to store the data on an NFS volume, the container fails to launch as it seems the image is trying to run chown on the data storage directory, which I guess nfs doesn't allow.
I have the exact same problem. Did you ever fix? Are you using TrueNAS to serve the NFS? I am- I believe the solution is either dataset permissions or the NFS share mapping. Have read a bunch on NFS permissions and I cannot seem to figure this out.
@@charlescc1000I never did, no, but I didn't spend a ton of time trying as it wasn't that critical. I suspect the best approach would be to tweak the docker image so it doesn't try and fiddle with ownership/permissions.
If we are using elastic search then what's the advantage with this tool? Why should we use it?
I find graylog easier to manage and setup compared to Elastic
@@LAWRENCESYSTEMS thanks
Hi Tom, I added this to my existing docker (installed via apt) but the graylog container is not starting up. I'm getting this in the logs:
com.mongodb.MongoSocketException: mongodb: Temporary failure in name resolution
Caused by: java.net.UnknownHostException: mongodb: Temporary failure in name resolution
2023-05-13 15:13:58,222 INFO : org.graylog2.bootstrap.preflight.MongoDBPreflightCheck - MongoDB is not available. Retry #1
2023-05-13 15:14:00,222 INFO : org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
I've tried removing and re-deploying but no luck.
hi good evening, very good works...please a question?...how do yo do your prompt console??? many thanks in advance
github.com/lawrencesystems/dotfiles
I thought we should not install and use docker-compose anymore, but use the docker compose command in the newer versions of docker?
Not sure why I keep getting the pwd variable is not set. defaulting to a blank string. Was able to get it running but don't see the web UI as well.
i'm trying to find a way to have it alert me when dhcp leases are given out for new MAC addresses on the network, i have this working via syslog-ng and a bash script but if i can do through the GUI in Greylog that would be great
Amazing information. Thanks!
How can I setup Graylog cluster with High Availability and scalable?
go2docs.graylog.org/5-0/setting_up_graylog/multi-node_setup.html
I may have done something wrong because messages are only hitting the very last stream/indices I created. In other words, PFsense was the first one created, and messages were hitting it. The last one I created was for a Cisco switch, and now no PfSense messages, but lots of messages to the Cisco switch. Any thoughts on this? Thanks!
You have a setting incorrect in the stream rule
Great video, good job
Can anyone tell me which one is best for log managment between Graylog, Wazuh and ELK? Mainly for Windows servers and Mikrotik routers.
How do I bind the web GUI port to an external IP so I can access it over the web?
Graylog here for:
Syslog: pfsense, unifi, synology nas.
Netflow: pfsense
Works great 👍
Strange, last night I finally got around to starting work on testing a Graylog server. noticed your instructions were for V4, and decided I would do get the docker image working today.. now Look at this! what timing.
I've more than 25 docker containers running on few different VMs, I'm no expert in docker but not really a newbie either
But starting Graylog? I just can't do it
The way they implemented the $USER is beyond my understanding
Keep getting stuck at this error when Graylog is starting:
ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!
(And yes it exist, and it is mapped correctly)
I've tried to set user variables, tried to change directly the mounted directory ownership to 1100:1100
I've tried with other versions of docker-compose
Tried also changing the owner to docker:docker
Executed multiple times that "sudo usermod -aG docker $USER"
Rebooted the server, tried other mounting points that are not in the /home directory
Nothing works
Sorry but the Graylog docker image is broken for me (and no I'm not using snap docker package even tho I'm running on Ubuntu Server)
Thank you for the tutorial but sadly I might have to many skill issues to solve this
Is it overkill for home server loging and alerting? Cheers?
Awesome!, now i know what i am setting up tomorrow :)
Great job 🎉
Ubuntu redirecting Apt Get commands to Snap Install is so dishonest. Want to promote snap, fine. Lying to the user should not be tolerated.
One of the reasons I moved all my servers to debian
@@cranil This is the way. Moving to community based distros is going to be the way to go for a lot of people
Clean install of Ubuntu 22.04.
Graylog container wont start. Stays in thee 'starting' status. I then instead install graylog natively with opensearch and mongo. Runs without issue. Something wrong with the compose file maybe?
Same issue. I see a lot of logs running but it doesn't get up.
As I said in the video, make sure you are not using the SNAP version of Docker.
@@LAWRENCESYSTEMS I’m not. Docker is installed via apt
@@LAWRENCESYSTEMS I did not. Just forgot the -d behind docker-compose up.
Same here. I thought it was just me, but no, docker installed via apt, clean ubuntu 22.04 vm installed on my proxmox server.
Great video! What terminal are you using? Looks awesome
It's on my GitHub
@@LAWRENCESYSTEMS What is it under because I'm not seeing it?
Thanks for the video for deploying graylog. It seems your demo server has 8 core 4GB memory. I know it is for demo purpose. But how can I calcurate the necessary hardware resource for certain system ?
It depends on how much data you are sending
Well done - thank you!
Tom, is it recommended to use docker compose for production?
Yes
@@LAWRENCESYSTEMS awesome! I’ve seem companies say “use this for testing and not production” so it’s good to hear that’s not the case here! Like you mentioned on HLS, using docker compose is an easy way to not worry about Linux distro for your apps! Lol
This is very good!👏
It’s odd I set this up and found that windows 11 default firewall blocks port 9000 so I thought it wasn’t working and then decided to try my phone and it was working except that some reason my password I placed was not working.
Very cool video! I'll definitely be watching it! If I may make a request for another video: could you do one on Fluentbit/Fluentd? (I never know what to call it). It's always been such a headache for me to get back into the config logic once something decides to break again, but it's otherwise been working so perfectly for us! I'd love to see your take on it and see if I missed anything.
Why would I want to configure smtp logging for graylog?
What about Grafana & Prometheus? What are the differences?
Grafana & Prometheus are for metrics collection and not logs.
@@LAWRENCESYSTEMS Thanks for clearing that out. Love your channel btw, keep up the good work!
Is there any way to get UniFi Firewall logs into Graylog?
maybe you can compare Graylog to other open source systems?
Like which one?
@@LAWRENCESYSTEMS Maybe Prometheus + Grafana, Zabbix or ELK Stack
Zabbix is not a log server, Prometheus is not really a log server, and I don't think ELK Stack is open source anymore. Maybe I should do a video on monitoring vs logging.
@@LAWRENCESYSTEMSGrafana Loki.
@@AlexKidd4Fun It's much more complex to configure and I don't use it so not likely I would do a video on it.
is any specific reason do you using opensearch instead elasticsearch ?
It's what they default to probably because of potential license issues
Great video! I would love to see a comparison of Graylog and ELK stack.
I don't think ELK Stack is not open source anymore and I don't use it so not likely to happen.
Great video.
very helpful thank you
Great video - I used your compose file and i get this "mongodb exited with code 132" every time I try to run docker-compose up. I can't find any errors - It runs on proxmox in a ubuntu 22.04 LTS VM. any ideas ?
Nope, I just built a new VM with the latest Ubuntu and could not get the same error.
@@LAWRENCESYSTEMS Weird - but thanks for trying - Thanks for your answer 🙂
You may need to pass AVX CPU extension to the VM (if your host CPU supports it). MongoDB 5+ requires it.
@@xbb Thanks more than a million - That was the solution - It booted up right away after that - YOU ARE A CHAMP
@@xbb how do you do that? I'm running into this issue as sell
Thanks for the video =)
Hi. Can you help mo sir how can I add router and switches in the graylog for me to monitor my network
Graylog collects SYSLOG. Have your switches send their SYSLOG data there.
@@LAWRENCESYSTEMS I didn't put specific IP yet on the syslog. May I know what is the command to show the syslog were I can input the switch ip or if there's a guide on how to add switches and router in graylog. I really need your help sir. Thanks
@@benchymarquez2963 every router has it's own way but the goal is to have them send it to Graylog
Wish you would do a install version of this on scale. It seems impossible to get it to work. Everyone and their mom is using yaml and scale doesn't.
I don't have an interest in trying to make it work with their system. If you really want it working in Scale I would run it as a VM.
Hey Tom, could you make a video about zabbix as a comparison. It has pre-defined templates and triggers for the most popular systems, linux, windows, firewalls, etc. Very powerful tool. I would love to see it on your channel. It comes containerized as well.
Yesss, would love to see a containerized walkthrough of Zabbix
Great Video, but why are you not dealing with IPv6? The world is 33% based IPv6 and growing. So anyone with a IPv6 extractor that work?
I don't use IPV6
@@LAWRENCESYSTEMSWhy not? I think your already great videos would be even more useful.
@@kristiankrautwald8074 I just don't have a use case for it at this time
@@LAWRENCESYSTEMSI think your focus is wrong on this because ipv6 has many advantages and we will have to move to it anyway, so better be up to date sooner than later
@@jb5631 you forget the part where YT channels are a business
great video
Running the docker-compose as built, and getting this error - The Compose file './docker-compose.yml' is invalid because:
services.graylog.depends_on contains an invalid type, it should be an array
Google fu says it's a docker version problem, and worked with older, and newer, but not the in between? I'm a docker newB.
is the git updated to graylog 6.1.5?
Yes
Did you get a new shirt though?
Yes, they did send me one!
Just set it up, super easy! now who knows where I can find a json for unifi extractors?!?
What happened at 16:14?
That's how you get the message to create an extractor from
any reason why greylog instead of elastic?
Fully open source, easier to use, and more flexible.
BUT
How do I make a cluster system with redundancy purposes
Follow the guide on their site go2docs.graylog.org/5-0/setting_up_graylog/multi-node_setup.html
Hey Tom, thanks for your amazing videos! Small request, would it be possible to raise the volume on your videos, I find it even with my speakers cranked to to max I still have a hard time hearing you. (If it's too loud for someone they can always reduce volume vs raising isn't always possible).
My volume is at where it should be for RUclips
Would like to see how the logs can be redirected to another mnt drive. The quick explanation did not work.
@Lawrencesystems: did you get a new t-shirt? :)
yup!
What the f, i gave my graylog vm the same static last octet as you did by coincidence, only difference is mine uses 49 as octet 3
How about a video with a sidecar and windows logs?
Eventually
@@LAWRENCESYSTEMS Looking forward to it. Been struggling to implement that for my org, and can't find a useful tutorial for implementing sidecar with Graylog containorized