Manually purge data from Graylog 2.1

First aid: check which indices are present:

curl http://localhost:9200/_cat/indices

Then delete the oldest indices (do not delete all of them):

curl -XDELETE http://localhost:9200/graylog_1
curl -XDELETE http://localhost:9200/graylog_2
curl -XDELETE http://localhost:9200/graylog_3

Fix: You can then reduce the parameter elasticsearch_max_number_of_indices in /etc/graylog/server/server.conf to a value that fits your disk.
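As an added example (not from the original post): a small POSIX shell helper that reads the output of the _cat/indices call above on stdin, keeps the newest KEEP graylog indices (and always at least one), and prints the delete commands for the rest as a dry run so they can be reviewed before anything is removed. ES_URL, PREFIX and the sample index listing are assumptions/constructed values.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Plans which old graylog_<N> indices to delete without touching Elasticsearch:
# it prints the curl -XDELETE commands instead of executing them.
ES_URL="${ES_URL:-http://localhost:9200}"   # assumed default, same host as the post
PREFIX="${PREFIX:-graylog}"                 # assumed index set prefix

# plan_purge KEEP < cat_indices_output
# Emits one "curl -XDELETE <url>/<index>" line per index to remove, oldest first.
# Column 3 of `_cat/indices` is the index name; only graylog_<number> is considered,
# so unrelated indices (e.g. .kibana) are never selected.
plan_purge() {
    keep="$1"
    awk -v prefix="$PREFIX" '$3 ~ ("^" prefix "_[0-9]+$") { print $3 }' \
      | sed "s/^${PREFIX}_//" \
      | sort -n \
      | awk -v keep="$keep" -v prefix="$PREFIX" -v url="$ES_URL" '
          { n[NR] = $1 }
          END {
              # never delete everything: always keep at least the newest index
              if (keep < 1) keep = 1
              for (i = 1; i <= NR - keep; i++)
                  printf "curl -XDELETE %s/%s_%s\n", url, prefix, n[i]
          }'
}

# Constructed sample listing in the format printed by `curl $ES_URL/_cat/indices`
SAMPLE_INDICES='green open graylog_2 abc 4 0 1000 0 1gb 1gb
green open graylog_10 def 4 0 2000 0 2gb 2gb
green open graylog_1 ghi 4 0 500 0 512mb 512mb
yellow open .kibana xyz 1 1 1 0 3kb 3kb
green open graylog_3 jkl 4 0 800 0 900mb 900mb'

# Dry run: keep the two newest indices (graylog_3 and graylog_10), list the rest
printf '%s\n' "$SAMPLE_INDICES" | plan_purge 2
```

To plan against a live node, replace the sample with `curl -s "$ES_URL/_cat/indices" | plan_purge 2` and pipe the reviewed output to sh only once it looks right.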

Src: https://stackoverflow.com/questions/39502069/how-to-manually-purge-data-from-graylog-2-1


Add Geolocation to Graylog 2

The Graylog Map Widget is the plugin providing geolocation capabilities to Graylog. The plugin is compatible with Graylog 2.0.0 and higher, and it is installed by default, although some configuration is still required on your side. This section explains how to configure the plugin in detail.

In case you need to reinstall the plugin for some reason, you can find it inside the Graylog tarball on our downloads page. Follow the instructions in Installing and loading plugins to install it.

Configure the database

First, you need to download a geolocation database. We currently support MaxMind City databases in the MaxMind DB format, such as the GeoIP2 City Database or the GeoLite2 City Database that MaxMind provides.

The next step is to store the geolocation database on all servers running Graylog. As an example, if you were using the Graylog OVA, you could save the database in the /var/opt/graylog/data folder, along with other data used by Graylog. Make sure you grant the right permissions so that the user running Graylog can read the file.


Install Graylog2 on Debian 9

1 Install Required Packages

Before starting, you will need to install Java 8 and other required packages on your system. Not all required packages are available in the Debian 9 standard repository, so you will need to add Debian Backports to the list of package sources. First, log in as the root user and create a backport.list file:

nano /etc/apt/sources.list.d/backport.list

Add the following line:

deb http://ftp.debian.org/debian stretch-backports main

Save the file when you are finished, then update your system with the following command:

apt-get update -y
apt-get upgrade -y

Once your system is up-to-date, install all the packages with the following command:

apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen -y

Once all the required packages are installed, you can proceed to install MongoDB.
