[Graylog] installation
Introduction
Graylog is an industry-leading log monitoring solution used by ApiOmat to manage logging from Yambas and all other services in a centralized application. Graylog allows real-time log analysis and customized log monitoring. For more information about Graylog, visit https://www.graylog.org.
Prerequisites
The following default ports should be available:
- 9000 (Default Graylog instance)
- 12201 (Default GELF TCP & UDP input port)
- 514 (Default Syslog TCP & UDP input port)
System requirements
(Taken from https://docs.graylog.org/en/2.4/pages/installation.html#system-requirements)
The following configurations are recommended.
- A modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)
- Elasticsearch 2.3.5 or later (depending on the Graylog version, see note below)
- MongoDB 2.4 or later (latest stable version is recommended)
Please check the official compatibility list between Graylog and Elasticsearch, e.g. https://docs.graylog.org/en/4.0/pages/configuration/elasticsearch.html#elasticsearch-versions
Installation
Linux and Windows
Graylog is not included in our installation package and must be installed separately. Follow the instructions from Graylog directly.
Docker Compose
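# Docker login (-p leaves the password in shell history and the process list;
# docker login also accepts --password-stdin)
docker login -u <USERNAME> -p <PASSWORD>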
# Store the following file and execute:
docker-compose -f aom-graylog.compose up
aom-graylog.compose:
version: '3.5'
services:
  graylog:
    image: graylog/graylog:3.0
    ports:
      # api
      - "9000:9000"
      # GELF
      - "12201:12201"
      - "12201:12201/udp"
      # Syslog
      - "514:514"
      - "514:514/udp"
    depends_on:
      - elasticsearch
      - mongodb
      - consul
    links:
      - elasticsearch
      - mongodb:mongo
      - consul
    environment:
      # Default values; the hash below is the SHA-256 digest of "admin"
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://host.docker.internal:9000/
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
  consul:
    image: library/consul
    ports:
      - "8500:8500"
    command: agent -dev -ui -client=0.0.0.0
  mongodb:
    image: mongo:3
    ports:
      - "27017:27017"
    command: --smallfiles
Configuration
Linux and Windows
Configuration is described in the Graylog installation wiki for each system.
Docker
Environmental Variables
The following variables are mentioned in the docker compose file above; for further configuration using docker you can refer to Graylog docker configuration.
Key | Default | Explanation |
GRAYLOG_PASSWORD_SECRET | somepasswordpepper | |
GRAYLOG_ROOT_PASSWORD_SHA2 | 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 | SHA-256 hash of the root password (default is admin) |
GRAYLOG_HTTP_EXTERNAL_URI | http://127.0.0.1:9000/ | Graylog host that should be available from outside. This was formerly known as the Web endpoint used to access the Graylog API (for more information about the Graylog REST API, refer to the Graylog REST API documentation) |
logback.xml
To enable sending logs to Graylog, add a logback.xml configuration to your service (the Graylog host is defined as "graylog", assuming you are running your services in a Docker container on the same network):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <springProperty name="serviceName" source="spring.application.name"/>
    <include resource="org/springframework/boot/logging/logback/base.xml"/>
    <!-- send logs to graylog -->
    <appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
        <graylogHost>graylog</graylogHost>
        <graylogPort>12201</graylogPort>
        <layout class="de.siegmar.logbackgelf.GelfLayout">
            <includeRawMessage>false</includeRawMessage>
            <includeMarker>true</includeMarker>
            <includeMdcData>true</includeMdcData>
            <includeCallerData>true</includeCallerData>
            <includeRootCauseData>true</includeRootCauseData>
            <includeLevelName>true</includeLevelName>
            <shortPatternLayout class="ch.qos.logback.classic.PatternLayout">
                <pattern>%m%nopex</pattern>
            </shortPatternLayout>
            <fullPatternLayout class="ch.qos.logback.classic.PatternLayout">
                <pattern>%m</pattern>
            </fullPatternLayout>
            <staticField>service_name:${serviceName}</staticField>
            <staticField>os_arch:${os.arch}</staticField>
            <staticField>os_name:${os.name}</staticField>
            <staticField>os_version:${os.version}</staticField>
        </layout>
    </appender>
    <logger name="perfStatsLogger" level="WARN">
        <appender-ref ref="GELF"/>
    </logger>
</configuration>
Authentication setup
The default credentials for the Graylog dashboard are "admin":"admin". To log in, go to your Graylog endpoint (default https://localhost:9000) and enter the admin credentials.
You can read more about Graylog's security in the official documentation.
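The default GRAYLOG_ROOT_PASSWORD_SHA2 in the compose file is the SHA-256 digest of "admin". The shell functions below are an added example, not part of the original documentation or of Graylog's tooling: they compute a replacement hash, generate a random GRAYLOG_PASSWORD_SECRET, and check a compose file for the two default values. The function names are hypothetical, and sha256sum or shasum, od, grep and sed are assumed to be installed.

```shell
#!/bin/sh
# Added example: the function names are hypothetical, not ApiOmat or Graylog tooling.
# Default values exactly as they appear in the compose file on this page.
DEFAULT_ROOT_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
DEFAULT_SECRET=somepasswordpepper

# Hex SHA-256 of stdin, using whichever of sha256sum / shasum is installed.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
        cut -d' ' -f1
}

# Value for GRAYLOG_ROOT_PASSWORD_SHA2. printf is used instead of echo so that
# no trailing newline ends up in the hashed input.
graylog_root_sha2() {
    printf '%s' "$1" | sha256_hex
}

# Value for GRAYLOG_PASSWORD_SECRET: 48 random bytes as 96 hex characters.
graylog_password_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Exit status 1 if the compose file still contains either default value.
audit_compose_defaults() {
    rc=0
    if grep -qF "GRAYLOG_ROOT_PASSWORD_SHA2=$DEFAULT_ROOT_SHA2" "$1"; then
        echo "$1: root password hash is still the default (admin)" >&2; rc=1
    fi
    if grep -qF "GRAYLOG_PASSWORD_SECRET=$DEFAULT_SECRET" "$1"; then
        echo "$1: password secret is still the default" >&2; rc=1
    fi
    return "$rc"
}

# Copy compose file $1 to $2 with both values replaced; $3 is the new root password.
rewrite_compose() {
    sed -e "s|\(GRAYLOG_ROOT_PASSWORD_SHA2=\).*|\1$(graylog_root_sha2 "$3")|" \
        -e "s|\(GRAYLOG_PASSWORD_SECRET=\).*|\1$(graylog_password_secret)|" \
        "$1" > "$2"
}
```

Running `audit_compose_defaults aom-graylog.compose` before `docker-compose up` reports which of the two defaults are still in place.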
Next steps
Connect to the log manager as described in the Authentication setup section. When using Docker, port 12201 is open for GELF TCP & UDP input requests. You need to create input listeners for that under "System/Inputs" > "Inputs".
Once your input listeners are configured and started, you can search and manage your logs using the "Search" tab, or you can click "Show received messages" on an input to see the logs received on that specific input. The default input used by services is UDP port 12201. You should now be able to filter the logs.