Logging Scenario - Send Local Logs to Graylog

Last modified on August 10, 2022

Scenario: You want to save gateway/relay logs to Graylog. This guide presents a simple method to send all gateway/relay logs to your Graylog log server using Filebeat as a “sidecar”.

Setting up the export

  1. Enable relay logging in the Admin UI under Settings / Log Encryption & Storage. Ensure logging is set to FILE.

  2. Create a standard “Filebeat on Linux” Sidecar/Collector as per the Graylog documentation.

  3. Use the following configuration for your Collector:

    # Needed for Graylog
    fields_under_root: true
    fields.collector_node_id: ${sidecar.nodeName}
    fields.gl2_source_collector: ${sidecar.nodeId}
    
    filebeat.inputs:
    - input_type: log
    paths:
        - /home/ubuntu/.sdm/logs/*.log
    
    type: log
    output.logstash:
    hosts: ["52.33.177.178:5044"]
    path:
    data: /var/lib/graylog-sidecar/collectors/filebeat/data
    logs: /var/lib/graylog-sidecar/collectors/filebeat/log
    
  4. Modify the paths value to use the absolute path to your SDM logs folder.

  5. Modify the hosts value to use the host/IP and port for your Graylog server, so that the Sidecar can push logs to it.

  6. Check your Graylog console and look for messages like this:

    Graylog Console
    Graylog Console
Top