I am confused about what to expect Graylog to be, and how to use it. I have two use cases:
(1) A single server runs httpd, mysqld, and a few other services (sshd etc.). I could use logwatch to parse the logs, but logwatch alerts me to a lot of normal stuff like 404s served from httpd and that I used sudo, and stuff like that. And logwatch is not very straightforward to configure to reduce those unwanted positives, and it only runs via cron. I would like to find another system (Graylog?) that is able to parse logs on the fly and generate alerts only about bad stuff that needs attention, and that has predefined rules, so if Apache throws some kind of out-of-memory error (or similar system error) into the log I'll see it, but normal 404s and stuff like that I won't see.

(2) A bunch of servers are running a bunch of services. We're already using alerting systems like Zabbix and Server Density, but they are mostly offering status alerts, not so much log processing. We'd like to add log processing.