Graylog

Graylog Open is a leading centralized log management solution used for log analytics, data insights, and BI. It is a self-managed, SSPL-licensed product designed for log data aggregation, analysis, and management.

Prepare

Before using this document with Graylog Open, read the following points and make sure they hold:

  • Log in to the Websoft9 Console and find or install Graylog Open:

    • Go to My Apps to list the installed applications
    • Go to App Store to install the target application
  • This application is installed by the Websoft9 console.

  • The purpose of this application complies with the SSPL-v1 open source license agreement.

  • Configure the domain name, or open the external network ports in the server security group, so that the application can be accessed.

Getting started

Log in to the backend

After installing Graylog in the Websoft9 console, view the application details through My Applications and get the login information from the Access tab.

  • Login screen

  • Backend Screen

Enterprise Edition

Websoft9 is a Graylog Enterprise Edition partner. Pricing factors for Graylog Enterprise Edition include:

  • Log Storage: Graylog Enterprise Edition pricing is primarily based on log storage.
  • Clustering: Deploying a Graylog cluster also affects pricing.
  • ES: Elasticsearch offers open-source clustering, but advanced features require a commercial license.

Configuration options

  • SMTP (✅): Edit the transport_email parameters in the configuration file
  • Configuration file: To set configuration options through container environment variables, write each configuration variable in uppercase and prefix it with GRAYLOG_:
    GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
    GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: smtp
    GRAYLOG_TRANSPORT_EMAIL_PORT: 25
    GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "false"
    GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "false"
    GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
  • Graylog API
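
The SMTP variables above disable authentication and both encryption modes, which is common for a relay container on the same host but not for an external mail server. The following Python check is an added example, not part of the Websoft9 or Graylog documentation; it audits a set of GRAYLOG_TRANSPORT_EMAIL_* variables for that case. The relay hostname and credentials are constructed placeholders, and treating an absent variable as disabled is an assumption of the example.

```python
# Added example: audit the GRAYLOG_TRANSPORT_EMAIL_* container variables.
PREFIX = "GRAYLOG_TRANSPORT_EMAIL_"

def enabled(env, name):
    # Container environment values are strings. Assumption of this example:
    # a variable that is absent counts as disabled.
    return str(env.get(PREFIX + name, "false")).strip().lower() == "true"

def audit_smtp(env):
    """Return a list of findings for the SMTP transport settings in env."""
    if not enabled(env, "ENABLED"):
        return []  # email transport is off, nothing to check
    findings = []
    tls, ssl, auth = (enabled(env, n) for n in ("USE_TLS", "USE_SSL", "USE_AUTH"))
    if tls and ssl:
        findings.append("USE_TLS and USE_SSL both set: pick STARTTLS or SMTPS, not both")
    if not (tls or ssl):
        findings.append("no TLS/SSL: mail to the relay is sent unencrypted")
        if auth:
            findings.append("USE_AUTH without TLS/SSL: SMTP credentials sent in cleartext")
    if auth and not env.get(PREFIX + "AUTH_PASSWORD"):
        findings.append("USE_AUTH set but AUTH_PASSWORD is empty")
    return findings

# Values shown on this page (port written as a string, as the container sees it).
PAGE_ENV = {
    PREFIX + "ENABLED": "true",
    PREFIX + "HOSTNAME": "smtp",
    PREFIX + "PORT": "25",
    PREFIX + "USE_AUTH": "false",
    PREFIX + "USE_TLS": "false",
    PREFIX + "USE_SSL": "false",
}

# Constructed variant for an external relay: STARTTLS on the submission port
# with authentication. Hostname and credentials are placeholders.
RELAY_ENV = dict(PAGE_ENV, **{
    PREFIX + "HOSTNAME": "smtp.example.org",
    PREFIX + "PORT": "587",
    PREFIX + "USE_AUTH": "true",
    PREFIX + "USE_TLS": "true",
    PREFIX + "AUTH_USERNAME": "graylog-alerts",
    PREFIX + "AUTH_PASSWORD": "change-me",
})

if __name__ == "__main__":
    for label, env in (("page", PAGE_ENV), ("relay", RELAY_ENV)):
        print(label, audit_smtp(env) or "ok")
```
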

Administer

  • Clustering: Graylog supports complex clustered deployments.

Troubleshooting

Alerts and errors after login?

Description: A prompt indicating "There is a node without any running inputs." What does this mean?
Reason: This is just a reminder that there are currently no inputs, not an error.
Solution: Create a new local input to resolve this reminder.

Description: Index rotation strategy null not found...?
Reason: This issue occurs when the free disk space is less than 15%.
Solution: Delete redundant files to free up space, or increase the server's disk space.

Does Graylog store data?

Graylog does not store data; it relies on Elasticsearch to store data.

Elasticsearch architecture:

  • Elasticsearch is used to store and search logs, with clustering improving efficiency
  • Graylog is used to transfer and present data, with clustering improving availability
  • MongoDB is used to store configuration information, which is minimal, and clustering is limited.

What is the architecture of Graylog?

Please read the official Architecture Guide.