[graylog2] Questions regarding Graylog Usage

[Ranga Daggubati]

Hi, 
       I'm very new to this GRAYLOG.
      
       I have installed Dockerised Graylog by installing Mongodb, 
elasticsearch and graylog server docker container images by running the 
three commands that given in graylog.org -                       
 http://docs.graylog.org/en/2.1/pages/installation/docker.html 


---->Initially tried to - Setup an AWS instance with Apache and collect the 
apache logs into Graylog server.

                     For this i have launched Syslog UDP input with a port 
number and launched an AWS rhel instance and setup the apache. configured 
the imfile setup and used the template                                     
               *.* @graylog.example.org:514 in rsyslog.conf. So i was able 
to see the apache logs in the Graylog server.

so now questions are --

1. Does Graylog is used to collect only syslogs or any other application 
logs?

2. I have launched a syslog input in gl-server - the input will have a port 
number and binded to its localhost, here we are not mentioning any ip 
address of the system from which we want to pull the logs. so now if i want 
to check the apache logs of other instance - so now this instance also will 
send the logs to same input then both system apache logs will be showing in 
the same place and everything looks like MessUp so how can we track them?

3. if one input is able to monitor the logs of multiple instances/systems 
then when/what will be the requirement to launch a new input?

4. Can you differentiate the list of inputs in Graylog? 

5. To send the logs from client to GRAYLOG server we cofigure rsyslog.conf 
with template *.* @graylog.example.org:514 , so if somebody in our team 
have done the same configuration that client also will send the log 
messages to the graylog server. so it shouldn't be happen. We should have 
to maintain secure access (like from the client side if we want to send the 
logs we should need some permission or access). Sending of log also should 
be secure or else if everybody will be sending logs to that same port and 
there will be a mess up, right. So sending of logs should be secure - how 
can we secure the sending logs?


Thanks & Regards
Ranga Daggubati


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3289a508-57b6-483f-9e3c-e5e68e78ae42%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.