It will makes sense of all the alerts and centralize everything

@DustinB3403 said in NXLog and Windows for Graylog:

@flaxking said in NXLog and Windows for Graylog:

When I was playing with graylog, I was using Beats

Care to elaborate?

Flexible and made to work with different solutions

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html

https://logz.io/blog/filebeat-tutorial/

The last time I set up Graylog I had to configured SELinux.

Allow the web server to access the network:
sudo setsebool -P httpd_can_network_connect 1

Graylog REST API and web interface:
sudo semanage port -a -t http_port_t -p tcp 9000

Elasticsearch (only if the HTTP API is being used):
sudo semanage port -a -t http_port_t -p tcp 9200

Allow using MongoDB default port (27017/tcp):
sudo semanage port -a -t mongod_port_t -p tcp 27017

@BRRABill said in Graylog Discovery:

@scottalanmiller said in Graylog Discovery:

@BRRABill said in Graylog Discovery:

@scottalanmiller said in Graylog Discovery:

@BRRABill said in Graylog Discovery:

@scottalanmiller said in Graylog Discovery:

@Romo said in Graylog Discovery:

@scottalanmiller said in Graylog Discovery:

Or... learn to work in UTC like the rest of us 😉

Or build your own Graylog server and it doesn't have this issue.

Is there any specific reason for using UTC?

Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.

So......you just add (say 5, for NY) to everything you see?

Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.

How do you get everyone to play along? Server support? Desktop support? Etc..

You make it a company policy. Times are in UTC. It's pretty easy, you can set desktops through GP or similar. Set servers to UTC. Works like magic. Some people might adjust their own stuff, but if they miss things it's purely a failure on their part that they have no excuse for. In fact, the excuse might be worse than missing things (intentionally breaking policy to not know when to show up.)

Wait, wait...so you expect all your users to also adapt to UTC?

Easier than have them not be able to figure out timezones. It's LESS adaptation, rather than more.

Got it. The node list needs to be master nodes only, but by default the non-master local 127.0.0.1 is left in the list. You have to remove it but keep the other nodes in for it to work.

@StrongBad said in Graylog2:

Don't forget to mark the thread as solved then 😉

Marked

P.S.; While the ability to "pivot" from e.g. alert to metrics to log seamlessly from w/in a single UI is indeed attractive, the time series data model of the PLG stack (Prometheus Loki Grafana) does not lend itself well to "The Tail at Scale" problem.

https://www2.cs.duke.edu/courses/cps296.4/fall13/838-CloudPapers/dean_longtail.pdf

IOW; it is all a lot more complex than one may initially imagine... lol.

Graylog has updated and no longer relies on the old version of ElasticSearch. It will use ElasticSearch 2 now. So time to revisit.

@ajstringham It is very handy! But steep learning curve. I attended a demo conference at the beginning of January up in Orlando. It was very classy and very informational.
They know how to throw a good shin-dig. There is an annual user conference in Las Vegas in October, I think. Analogous to Spice World.