Hi, I have installed and setyup the Dockerised Graylog on an AWS ec2 instance and able to access the the Graylog server from the web, Launched a Syslog TCP Port ,
Launched another instance with apache (httpd) and by configuring in rsyslog.conf able to send the apache logs to Graylog server . Now i'm trying to - secure the sending logs to graylog server - To send the logs from client to GRAYLOG server we cofigure rsyslog.conf with template *.* @graylog.example.org:514 , so if somebody in our team have done the same configuration that client also will send the log messages to the graylog server. so it shouldn't be happen. We should have to maintain secure access (like from the client side if we want to send the logs we should need some permission or access). Sending of log also should be secure or else if everybody will be sending logs to that same port and there will be a mess up, right. So sending of logs should be secure - how can we secure the sending logs? i have posted this previously and got the reply as - *rsyslog and Graylog support sending logs via TLS which also includes client certificate verification.* But i was not familiar with that asked in detail and got reply with these links - http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html http://www.rsyslog.com/doc/v8-stable/tutorials/tls.html Here i've setup the dockerised graylog and here these links explaining to setup CA and generate certifacates to machines, so can you please explain the process to do in steps. Thanks and Regards Ranga On Thursday, December 8, 2016 at 2:59:05 PM UTC-8, Ranga Daggubati wrote: > > > Hi, > I'm very new to this GRAYLOG. > > I have installed Dockerised Graylog by installing Mongodb, > elasticsearch and graylog server docker container images by running the > three commands that given in graylog.org - > http://docs.graylog.org/en/2.1/pages/installation/docker.html > > > ---->Initially tried to - Setup an AWS instance with Apache and collect > the apache logs into Graylog server. > > For this i have launched Syslog UDP input with a port > number and launched an AWS rhel instance and setup the apache. configured > the imfile setup and used the template > *.* @graylog.example.org:514 in rsyslog.conf. So i was > able to see the apache logs in the Graylog server. > > so now questions are -- > > 1. Does Graylog is used to collect only syslogs or any other application > logs? > > 2. I have launched a syslog input in gl-server - the input will have a > port number and binded to its localhost, here we are not mentioning any ip > address of the system from which we want to pull the logs. so now if i want > to check the apache logs of other instance - so now this instance also will > send the logs to same input then both system apache logs will be showing in > the same place and everything looks like MessUp so how can we track them? > > 3. if one input is able to monitor the logs of multiple instances/systems > then when/what will be the requirement to launch a new input? > > 4. Can you differentiate the list of inputs in Graylog? > > 5. To send the logs from client to GRAYLOG server we cofigure > rsyslog.conf with template *.* @graylog.example.org:514 , so if somebody > in our team have done the same configuration that client also will send the > log messages to the graylog server. so it shouldn't be happen. We should > have to maintain secure access (like from the client side if we want to > send the logs we should need some permission or access). Sending of log > also should be secure or else if everybody will be sending logs to that > same port and there will be a mess up, right. So sending of logs should be > secure - how can we secure the sending logs? > > > Thanks & Regards > Ranga Daggubati > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c9f2b76e-8928-4fa9-863a-ef3126fd1a73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
