[graylog2] Small set up with 3 servers, "cluster.name"
Hi,

I’m fairly new to Graylog, and setting up a small Graylog installation. In the beginning, I just want to use it in my LAB. I will be forwarding event logs from ~50 Windows servers, 3 ESXi hosts and the LAB's firewall.

My setup is based on the OVA / ESX appliance. I have deployed 3 VMs:

VM01 -> webinterface / (4GB RAM)
VM02 -> backend / (8GB RAM)
VM03 -> datanode / (8GB RAM)

I gave the VMs static IPs, changed the “cluster.name” setting to “graylog-LAB” on all 3 VMs.

On the VMs I ran the following:

VM02:
    sudo graylog-ctl reconfigure-as-backend

VM01:
    sudo graylog-ctl set-cluster-master 10.70.2.82
    sudo graylog-ctl reconfigure-as-webinterface

VM03:
    sudo graylog-ctl set-cluster-master 10.70.2.82
    sudo graylog-ctl reconfigure-as-datanode

The setup works, but I have noticed that the “cluster.name” setting has been changed back to the default “graylog2”.

Is there a way to fix that, or has it no practical consequence?

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2e05ff8a-744b-446d-976e-a3e857c2a297%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] extending disk of OVA deployed Graylog server (a newbie How-To)
Hi,

New to Graylog, and not really a Linux user/admin. My LAB deployment quickly ran out of disk space. I searched the web and the documentation for how to extend the disk, but could not find a step-by-step guide.

I ended up doing it the following way - I have posted it in case it can be helpful to other newbies. Any comments much appreciated.

*shut down the VM (just in case you mess something up :) )*

*take a snapshot*

*attach new disk in vmware*

*start the VM*

*stop graylog services:*
    sudo graylog-ctl stop

*identify new disk (a good bet is that it will be sdb):*
    sudo lshw -class disk

*Output:*
      *-disk
           description: SCSI Disk
           physical id: 0.0.0
           bus info: scsi@2:0.0.0
           logical name: /dev/sdb
           size: 100GiB (107GB)
           configuration: sectorsize=512
      *-disk
           description: ATA Disk
           product: VMware Virtual I
           physical id: 0.0.0
           bus info: scsi@0:0.0.0
           logical name: /dev/sda
           version: 0001
           serial: 0001
           size: 19GiB (20GB)
           capabilities: partitioned partitioned:dos
           configuration: ansiversion=5 sectorsize=512 signature=00040ebf

*In this case the new disk is called /dev/sdb*

*format new disk (replace sdb with the disk found with the lshw command):*
    sudo mkfs.ext4 /dev/sdb

*create temp mount point for new disk:*
    sudo mkdir /mnt/newData

*mount disk to temp mount point*
    sudo mount /dev/sdb /mnt/newData

*go to single user mode (might not be necessary, will kill SSH so do it from console):*
    sudo init 1

*copy data to new drive*
    cd /var/opt/graylog/data
    sudo cp -ax * /mnt/newData

*compare the 2 folders*
    sudo diff -qr --suppress-common-lines /var/opt/graylog/data /mnt/newData

*Output should be something like:*
    Only in /mnt/newData: lost+found

*delete old data folder (to free up disk space on the initial disk)*
    sudo rm -r -f /var/opt/graylog/data

*make new mount point*
    mkdir /var/opt/graylog/data

*unmount the temp location*
    umount /dev/sdb

*mount the new disk to the real location*
    mount /dev/sdb /var/opt/graylog/data

*edit fstab to make the mount persistent:*
    nano /etc/fstab

*add the following line into fstab*
    /dev/sdb /var/opt/graylog/data ext4 defaults 0 0

*reboot server*
    sudo shutdown -r now

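The two steps in the how-to above that cannot be undone without the snapshot are deleting the old data folder and rebooting onto an edited /etc/fstab. The shell helpers below are an added example, not part of the original post, that check the copy and the fstab line first; the function names are hypothetical and the paths in the usage comments are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the paths in the usage comments are the ones used in the post.

# copy_verified SRC DST
# Returns 0 only when DST holds the same tree as SRC. The one extra entry
# tolerated in DST is lost+found, which mkfs.ext4 creates on a new filesystem.
# Returns 1 on any other difference, 2 if diff itself failed.
copy_verified() {
    src=$1
    dst=$2
    [ -d "$src" ] && [ -d "$dst" ] || return 2
    rc=0
    out=$(diff -qr "$src" "$dst" 2>&1) || rc=$?   # 0 same, 1 differs, >1 error
    [ "$rc" -le 1 ] || return 2
    # Remove the expected line; anything left over is a real mismatch.
    rest=$(printf '%s\n' "$out" | grep -Fxv "Only in $dst: lost+found") || true
    [ -z "$rest" ]
}

# fstab_line_ok LINE
# Checks the six-field form used in the post: device, absolute mount point,
# filesystem type, options, and numeric dump and pass fields.
fstab_line_ok() {
    set -f            # no glob expansion while splitting the line
    set -- $1         # split on whitespace into $1..$n
    set +f
    [ $# -eq 6 ] || return 1
    case $2 in /*) ;; *) return 1 ;; esac
    case $5$6 in *[!0-9]*) return 1 ;; esac
    return 0
}

# Usage on the appliance, as root, before the rm and before the reboot:
#   copy_verified /var/opt/graylog/data /mnt/newData && echo "copy matches"
#   fstab_line_ok "$(grep ' /var/opt/graylog/data ' /etc/fstab)" || echo "fix fstab"
```
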
[graylog2] Guide to setting up HA
Hi,

I've been playing with the Graylog appliance for a while now. First it started out as a test, now we are moving towards using it in production. For that I need to set it up in HA. We will be using F5 for load balancing.

As I understand it the OVA is not tuned for real HA, is that correct?

My plan was 3 Graylog servers: 1 web, 2 identical Graylog servers with all features except the web interface.

We currently send around 3GB data to the current setup, and I expect it to rise to 5GB. We cycle the index every 24 hours, and keep only the last 40. So not a big setup, I just would like to have HA, since we are going to use this to store/index all our log files.

My Linux skills are minimal but I know the basics.

I have been looking around for a good Graylog HA how-to - but I have not found a comprehensive guide. I have found a few guides for setting up a single Graylog server. I have found references to Chef - but my knowledge of Chef is zero.

Can someone point me in the direction of a good guide for accomplishing this?

Thank you in advance,
Lasse