Thanks a lot, Stephen. But now I am running into another problem. Today I tried to log in and it started giving the error that the login credentials are invalid. I made some changes in the graylog.conf and did graylog-ctl reconfigure, after that I am getting not able to connect to graylog server.
Any thoughts for this?

Thanks
Ranjit

On Friday, May 1, 2015 at 6:52:16 PM UTC+5:30, Stephen Fox wrote:
>
> I'm also new to graylog (I've been working with it for a few weeks,
> but I think I can answer a few of your questions)
>
> 1. I am not able to find message id and index to create rules in streams in
> the logs/events?
> The message ID and index appear at the top of any message you are viewing.
> Here is a copy/paste from the top of one of my messages:
>
> ---
> 409b6860-ef7b-11e4-9106-000c29d9b316
> Received by syslogudp on f0db8b5a / graylog
>
> Timestamp: 2015-04-30 15:55:37.311 -05:00
> Index: graylog_5
> ---
>
> The first long string of numbers/letters is the message ID. You'll see the
> index also. In this case the index is: graylog_5
>
> 2. How to add stream rules, what is user id?
> "user_id" isn't really anything, just a placeholder for you to type the
> Field you wish to create a stream rule to match.
> For example: Type EventID in for the field. Leave "Type" on "match
> exactly". For Value, maybe try 4608 (Windows is starting up)
>
> 3. Is it possible to get only security logs using syslog from device? How
> to configure that. Because I am not interface up/down events also from
> switch.
> Do you have syslog input configured to accept logs from syslog? If so
> point a device to the graylog server and watch the events begin to appear
> in the Sources list of Graylog.
>
> 4. Where I can see sources that are sending logs to my servers and details
> like how many they are sending, and what are those events.
> You should be able to click the "Sources" tab at the top of the Graylog
> web interface. You'll see a list of all sources that have sent logs to
> Graylog. You can run queries on those messages and show almost any info you
> want. It will also show you how many messages over a period of time (such
> as Last Hour or Last Day)
>
> 5. What are content packs and GROK patterns?
> I can't help here.
>
> 6. Is it possible to get reports from the graylog server?
> You can run queries then export to CSV. You could also set up a stream to
> match certain rules then email you a sort of report based on your
> queries/rules.
>
> I agree with Pete, reading the docs will really help.
