It sounds like you need to start reading the Graylog documentation :) Message ID and index can be found when viewing a message. Click on a message in the search window and the right hand pane will show you both of these items.
You should have a Sources menu item at the top of the screen which will show you all sources in the last 1 hour by default.

It sounds like you may be logging in to Graylog as a standard user instead of the administrator configured during install. You won't see most of what you're looking for unless you are an administrator. I would recommend trying that first and reviewing the documentation which is quite helpful and should answer most of your queries.

Cheers,
Pete

On Friday, 1 May 2015 05:59:21 UTC+10, Ranjit Sidhu wrote:
> Hello Experts,
>
> I am new to graylog and log management. Can you please guide me how can I effectively utilise the graylog for my log management and get the alerts. I have installed graylog to fulfill the PCI DSS requirements.
>
> I am using syslog from a switch and nxlog from windows server to get the logs into my graylog. Until now I got 60000 events. But I am struggling for below mentioned queries:
>
> 1. I am not able to find message id and index to create rules in streams in the logs/events?
> 2. How to add stream rules, what is user id?
> 3. Is it possible to get only security logs using syslog from device? How to configure that. Because I am not interface up/down events also from switch.
> 4. Where I can see sources that are sending logs to my servers and details like how many they are sending, and what are those events.
> 5. What is content packs and GROK patterns?
> 6. Is it possible to get reports from the graylog server?
>
> Thanks for your help.
>
> Ranjit
