Gelf Listener in Python August 17, 2017

Recently, I received a request from management to provide raw system logs to one of our clients for their internal auditing purposes. They will need logs on an ongoing basis, and have no logging infrastructure on their end which could receive parsed-out Graylog events. Effectively, they were looking for 'big text files' of logs.

Due to security reasons (as well as network configuration constraints), allowing them access to our Graylog instance is a non-starter. So, my journey to get logs out of Graylog began in earnest. I attempted several methods and ended up writing my own GELF listener for events. But let's see why.

Read more

Collect reddit messages using Graylog August 17, 2017

This post covers using a Python script to collect Reddit inbox messages and send them to Graylog for alerting or reporting.

Graylog is an excellent platform for collecting and storing log data from servers, but that's not the only task it is suited for. Practically any form of data can be added to Graylog. Once the data is inserted, you are able to query, alert, and report on it.

In this example, I want to show you how you can use Graylog to monitor your Reddit inbox for messages. You can receive alerts for new messages, and even alerts for particular words.

Read more

Send Gmail Messages to Graylog August 17, 2017

In this post, we will look into using a script to send new Gmail messages to Graylog.

Graylog is an excellent platform for collecting and storing log data from servers, but that's not the only task it is suited for. Practically any form of textual data can be added to Graylog for retention, alerting or reporting.

In this example, I'll show you how you can use Graylog to monitor your Gmail inbox for new messages. You can receive alerts for new messages, and even alerts for particular words contained within the body of the message. The Python script is flexible, and you can always rely on Graylog's superb filters in case you need extra work done.

This script can be useful for monitoring a support email inbox, an inbox which receives alert messages, or anything else which requires a little intelligence.

Read more

Hunting Down Stale Devices August 17, 2017

Running a logging server with dozens (if not hundreds or thousands) of devices logging to it, you may run into an issue with stale devices. Stale devices are just that: devices that have been configured to log to your server and, for whatever reason, have stopped logging altogether. A device should be logging, but doesn't.

It's a big enough problem with a few dozen devices. If you're responsible for the care and feeding of hundreds of logging endpoints, then tracking them down turns into a real pain.

I wrote a script for my work Graylog servers which automates the effort of identifying stale devices and alerting me about them on a weekly basis. My script runs on the local Graylog server via cron. I also have a Stream set up which emails me whenever the stream reports new entries. Here's how I put it all together.

Read more

Graylog Self-Test August 17, 2017

Just noticed this this evening when setting up the new Graylog 1.0.1.

  • Log into your Graylog instance as an admin user
  • Select System > Inputs
  • Select "Random HTTP Message Generator" and launch the input
  • Tweak it how you like it, save settings

Now, perform a * (all) search over the past 5 minutes. You should see a good number of messages being generated. This looks to be a good way to confirm that all of the moving parts of your Graylog setup are functional[1].

[1] Well, unless you missed all the crashing console messages, that is.