Added graylog to the list of softwares. (#2177)
This commit is contained in:
parent
ca80dd1694
commit
a2c7b46766
@ -398,29 +398,29 @@ Always download the latest version of [Loaders for ionCube ](http://www.ioncube.
|
||||
<a name="Install-SonarQube"></a>
|
||||
|
||||
## Install SonarQube (automatic code review tool)
|
||||
SonarQube® is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
|
||||
SonarQube® is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
|
||||
<br>
|
||||
1 - Open the `.env` file
|
||||
1 - Open the `.env` file
|
||||
<br>
|
||||
2 - Search for the `SONARQUBE_HOSTNAME=sonar.example.com` argument
|
||||
2 - Search for the `SONARQUBE_HOSTNAME=sonar.example.com` argument
|
||||
<br>
|
||||
3 - Set it to your-domain `sonar.example.com`
|
||||
3 - Set it to your-domain `sonar.example.com`
|
||||
<br>
|
||||
4 - `docker-compose up -d sonarqube`
|
||||
4 - `docker-compose up -d sonarqube`
|
||||
<br>
|
||||
5 - Open your browser: http://localhost:9000/
|
||||
|
||||
Troubleshooting:
|
||||
Troubleshooting:
|
||||
|
||||
if you encounter a database error:
|
||||
```
|
||||
docker-compose exec --user=root postgres
|
||||
docker-compose exec --user=root postgres
|
||||
source docker-entrypoint-initdb.d/init_sonarqube_db.sh
|
||||
```
|
||||
|
||||
If you encounter logs error:
|
||||
```
|
||||
docker-compose run --user=root --rm sonarqube chown sonarqube:sonarqube /opt/sonarqube/logs
|
||||
docker-compose run --user=root --rm sonarqube chown sonarqube:sonarqube /opt/sonarqube/logs
|
||||
```
|
||||
[**SonarQube Documentation Here**](https://docs.sonarqube.org/latest/)
|
||||
|
||||
@ -1267,6 +1267,36 @@ docker-compose up -d grafana
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<a name="Use-Graylog"></a>
|
||||
## Use Graylog
|
||||
|
||||
1 - Boot the container `docker-compose up -d graylog`
|
||||
|
||||
2 - Open your Laravel's `.env` file and set the `GRAYLOG_PASSWORD` to some passsword, and `GRAYLOG_SHA256_PASSWORD` to the sha256 representation of your password (`GRAYLOG_SHA256_PASSWORD` is what matters, `GRAYLOG_PASSWORD` is just a reminder of your password).
|
||||
|
||||
> Your password must be at least 16 characters long
|
||||
> You can generate sha256 of some password with the following command `echo -n somesupersecretpassword | sha256sum`
|
||||
|
||||
```env
|
||||
GRAYLOG_PASSWORD=somesupersecretpassword
|
||||
GRAYLOG_SHA256_PASSWORD=b1cb6e31e172577918c9e7806c572b5ed8477d3f57aa737bee4b5b1db3696f09
|
||||
```
|
||||
|
||||
3 - Go to `http://localhost:9000/` (if your port is not changed)
|
||||
|
||||
4 - Authenticate from the app.
|
||||
|
||||
> Username: admin
|
||||
> Password: somesupersecretpassword (if you haven't changed the password)
|
||||
|
||||
5 - Go to the system->inputs and launch new input
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<a name="Use-Traefik"></a>
|
||||
## Use Traefik
|
||||
|
@ -821,6 +821,36 @@ services:
|
||||
networks:
|
||||
- backend
|
||||
|
||||
### Graylog #######################################
|
||||
graylog:
|
||||
build: ./graylog
|
||||
environment:
|
||||
- GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD}
|
||||
- GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_SHA256_PASSWORD}
|
||||
- GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:${GRAYLOG_PORT}/
|
||||
links:
|
||||
- mongo
|
||||
- elasticsearch
|
||||
depends_on:
|
||||
- mongo
|
||||
- elasticsearch
|
||||
ports:
|
||||
# Graylog web interface and REST API
|
||||
- ${GRAYLOG_PORT}:9000
|
||||
# Syslog TCP
|
||||
- ${GRAYLOG_SYSLOG_TCP_PORT}:514
|
||||
# Syslog UDP
|
||||
- ${GRAYLOG_SYSLOG_UDP_PORT}:514/udp
|
||||
# GELF TCP
|
||||
- ${GRAYLOG_GELF_TCP_PORT}:12201
|
||||
# GELF UDP
|
||||
- ${GRAYLOG_GELF_UDP_PORT}:12201/udp
|
||||
user: root
|
||||
volumes:
|
||||
- ./graylog/config:/usr/share/graylog/data/config
|
||||
networks:
|
||||
- backend
|
||||
|
||||
### Laravel Echo Server #######################################
|
||||
laravel-echo-server:
|
||||
build:
|
||||
@ -1461,7 +1491,7 @@ services:
|
||||
ports:
|
||||
- "${MANTICORE_API_PORT}:9312"
|
||||
- "${MANTICORE_SPHINXQL_PORT}:9306"
|
||||
- "${MANTICORE_HTTP_PORT}:9308"
|
||||
- "${MANTICORE_HTTP_PORT}:9308"
|
||||
networks:
|
||||
- backend
|
||||
|
||||
|
18
env-example
18
env-example
@ -387,6 +387,18 @@ CONFLUENCE_HOST_HTTP_PORT=8090
|
||||
|
||||
GRAFANA_PORT=3000
|
||||
|
||||
### GRAYLOG ###############################################
|
||||
|
||||
# password must be 16 characters long
|
||||
GRAYLOG_PASSWORD=somesupersecretpassword
|
||||
# sha256 representation of the password
|
||||
GRAYLOG_SHA256_PASSWORD=b1cb6e31e172577918c9e7806c572b5ed8477d3f57aa737bee4b5b1db3696f09
|
||||
GRAYLOG_PORT=9000
|
||||
GRAYLOG_SYSLOG_TCP_PORT=514
|
||||
GRAYLOG_SYSLOG_UDP_PORT=514
|
||||
GRAYLOG_GELF_TCP_PORT=12201
|
||||
GRAYLOG_GELF_UDP_PORT=12201
|
||||
|
||||
### BLACKFIRE #############################################
|
||||
|
||||
# Create an account on blackfire.io. Don't enable blackfire and xDebug at the same time. # visit https://blackfire.io/docs/24-days/06-installation#install-probe-debian for more info.
|
||||
@ -704,12 +716,12 @@ PGADMIN_DEFAULT_EMAIL=pgadmin4@pgadmin.org
|
||||
PGADMIN_DEFAULT_PASSWORD=admin
|
||||
|
||||
### SONARQUBE ################################################
|
||||
## docker-compose up -d sonarqube
|
||||
## docker-compose up -d sonarqube
|
||||
## (If you encounter a database error)
|
||||
## docker-compose exec --user=root postgres
|
||||
## docker-compose exec --user=root postgres
|
||||
## source docker-entrypoint-initdb.d/init_sonarqube_db.sh
|
||||
## (If you encounter logs error)
|
||||
## docker-compose run --user=root --rm sonarqube chown sonarqube:sonarqube /opt/sonarqube/logs
|
||||
## docker-compose run --user=root --rm sonarqube chown sonarqube:sonarqube /opt/sonarqube/logs
|
||||
|
||||
SONARQUBE_HOSTNAME=sonar.example.com
|
||||
SONARQUBE_PORT=9000
|
||||
|
3
graylog/Dockerfile
Normal file
3
graylog/Dockerfile
Normal file
@ -0,0 +1,3 @@
|
||||
FROM graylog/graylog:3.0
|
||||
|
||||
EXPOSE 9000
|
481
graylog/config/graylog.conf
Normal file
481
graylog/config/graylog.conf
Normal file
@ -0,0 +1,481 @@
|
||||
############################
|
||||
# GRAYLOG CONFIGURATION FILE
|
||||
############################
|
||||
#
|
||||
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
|
||||
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
|
||||
# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
|
||||
# For example, \u002c.
|
||||
#
|
||||
# * Entries are generally expected to be a single line of the form, one of the following:
|
||||
#
|
||||
# propertyName=propertyValue
|
||||
# propertyName:propertyValue
|
||||
#
|
||||
# * White space that appears between the property name and property value is ignored,
|
||||
# so the following are equivalent:
|
||||
#
|
||||
# name=Stephen
|
||||
# name = Stephen
|
||||
#
|
||||
# * White space at the beginning of the line is also ignored.
|
||||
#
|
||||
# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
|
||||
#
|
||||
# * The property value is generally terminated by the end of the line. White space following the
|
||||
# property value is not ignored, and is treated as part of the property value.
|
||||
#
|
||||
# * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
|
||||
# For example:
|
||||
#
|
||||
# targetCities=\
|
||||
# Detroit,\
|
||||
# Chicago,\
|
||||
# Los Angeles
|
||||
#
|
||||
# This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
|
||||
#
|
||||
# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
|
||||
#
|
||||
# * The backslash character must be escaped as a double backslash. For example:
|
||||
#
|
||||
# path=c:\\docs\\doc1
|
||||
#
|
||||
|
||||
# If you are running more than one instances of Graylog server you have to select one of these
|
||||
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
|
||||
is_master = true
|
||||
|
||||
# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
|
||||
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
|
||||
node_id_file = /usr/share/graylog/data/config/node-id
|
||||
|
||||
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
|
||||
# Generate one by using for example: pwgen -N 1 -s 96
|
||||
password_secret = replacethiswithyourownsecret!
|
||||
|
||||
# The default root user is named 'admin'
|
||||
#root_username = admin
|
||||
|
||||
# You MUST specify a hash password for the root user (which you only need to initially set up the
|
||||
# system and in case you lose connectivity to your authentication backend)
|
||||
# This password cannot be changed using the API or via the web interface. If you need to change it,
|
||||
# modify it in this file.
|
||||
# Create one by using for example: echo -n yourpassword | shasum -a 256
|
||||
# and put the resulting hash value into the following line
|
||||
|
||||
# Default password: admin
|
||||
# CHANGE THIS!
|
||||
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
|
||||
|
||||
# The email address of the root user.
|
||||
# Default is empty
|
||||
#root_email = ""
|
||||
|
||||
# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
|
||||
# Default is UTC
|
||||
#root_timezone = UTC
|
||||
|
||||
# Set plugin directory here (relative or absolute)
|
||||
plugin_dir = /usr/share/graylog/plugin
|
||||
|
||||
###############
|
||||
# HTTP settings
|
||||
###############
|
||||
|
||||
#### HTTP bind address
|
||||
#
|
||||
# The network interface used by the Graylog HTTP interface.
|
||||
#
|
||||
# This network interface must be accessible by all Graylog nodes in the cluster and by all clients
|
||||
# using the Graylog web interface.
|
||||
#
|
||||
# If the port is omitted, Graylog will use port 9000 by default.
|
||||
#
|
||||
# Default: 127.0.0.1:9000
|
||||
#http_bind_address = 127.0.0.1:9000
|
||||
#http_bind_address = [2001:db8::1]:9000
|
||||
http_bind_address = 0.0.0.0:9000
|
||||
|
||||
#### HTTP publish URI
|
||||
#
|
||||
# The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all
|
||||
# clients using the Graylog web interface.
|
||||
#
|
||||
# The URI will be published in the cluster discovery APIs, so that other Graylog nodes will be able to find and connect to this Graylog node.
|
||||
#
|
||||
# This configuration setting has to be used if this Graylog node is available on another network interface than $http_bind_address,
|
||||
# for example if the machine has multiple network interfaces or is behind a NAT gateway.
|
||||
#
|
||||
# If $http_bind_address contains a wildcard IPv4 address (0.0.0.0), the first non-loopback IPv4 address of this machine will be used.
|
||||
# This configuration setting *must not* contain a wildcard address!
|
||||
#
|
||||
# Default: http://$http_bind_address/
|
||||
#http_publish_uri = http://192.168.1.1:9000/
|
||||
|
||||
#### External Graylog URI
|
||||
#
|
||||
# The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API.
|
||||
#
|
||||
# The external Graylog URI usually has to be specified, if Graylog is running behind a reverse proxy or load-balancer
|
||||
# and it will be used to generate URLs addressing entities in the Graylog REST API (see $http_bind_address).
|
||||
#
|
||||
# When using Graylog Collector, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
|
||||
#
|
||||
# This setting can be overriden on a per-request basis with the "X-Graylog-Server-URL" HTTP request header.
|
||||
#
|
||||
# Default: $http_publish_uri
|
||||
#http_external_uri =
|
||||
|
||||
#### Enable CORS headers for HTTP interface
|
||||
#
|
||||
# This is necessary for JS-clients accessing the server directly.
|
||||
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
|
||||
# This is enabled by default. Uncomment the next line to disable it.
|
||||
#http_enable_cors = false
|
||||
|
||||
#### Enable GZIP support for HTTP interface
|
||||
#
|
||||
# This compresses API responses and therefore helps to reduce
|
||||
# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
|
||||
#http_enable_gzip = false
|
||||
|
||||
# The maximum size of the HTTP request headers in bytes.
|
||||
#http_max_header_size = 8192
|
||||
|
||||
# The size of the thread pool used exclusively for serving the HTTP interface.
|
||||
#http_thread_pool_size = 16
|
||||
|
||||
################
|
||||
# HTTPS settings
|
||||
################
|
||||
|
||||
#### Enable HTTPS support for the HTTP interface
|
||||
#
|
||||
# This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
|
||||
#
|
||||
# Default: false
|
||||
#http_enable_tls = true
|
||||
|
||||
# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
|
||||
#http_tls_cert_file = /path/to/graylog.crt
|
||||
|
||||
# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
|
||||
#http_tls_key_file = /path/to/graylog.key
|
||||
|
||||
# The password to unlock the private key used for securing the HTTP interface.
|
||||
#http_tls_key_password = secret
|
||||
|
||||
|
||||
# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
|
||||
# header. May be subnets, or hosts.
|
||||
#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
|
||||
|
||||
# List of Elasticsearch hosts Graylog should connect to.
|
||||
# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
|
||||
# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
|
||||
# requires authentication.
|
||||
#
|
||||
# Default: http://127.0.0.1:9200
|
||||
elasticsearch_hosts = http://elasticsearch:9200
|
||||
|
||||
# Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port.
|
||||
#
|
||||
# Default: 10 Seconds
|
||||
#elasticsearch_connect_timeout = 10s
|
||||
|
||||
# Maximum amount of time to wait for reading back a response from an Elasticsearch server.
|
||||
#
|
||||
# Default: 60 seconds
|
||||
#elasticsearch_socket_timeout = 60s
|
||||
|
||||
# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will
|
||||
# be tore down.
|
||||
#
|
||||
# Default: inf
|
||||
#elasticsearch_idle_timeout = -1s
|
||||
|
||||
# Maximum number of total connections to Elasticsearch.
|
||||
#
|
||||
# Default: 20
|
||||
#elasticsearch_max_total_connections = 20
|
||||
|
||||
# Maximum number of total connections per Elasticsearch route (normally this means per
|
||||
# elasticsearch server).
|
||||
#
|
||||
# Default: 2
|
||||
#elasticsearch_max_total_connections_per_route = 2
|
||||
|
||||
# Maximum number of times Graylog will retry failed requests to Elasticsearch.
|
||||
#
|
||||
# Default: 2
|
||||
#elasticsearch_max_retries = 2
|
||||
|
||||
# Enable automatic Elasticsearch node discovery through Nodes Info,
|
||||
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html
|
||||
#
|
||||
# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.
|
||||
#
|
||||
# Default: false
|
||||
#elasticsearch_discovery_enabled = true
|
||||
|
||||
# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,
|
||||
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes
|
||||
#
|
||||
# Default: empty
|
||||
#elasticsearch_discovery_filter = rack:42
|
||||
|
||||
# Frequency of the Elasticsearch node discovery.
|
||||
#
|
||||
# Default: 30s
|
||||
# elasticsearch_discovery_frequency = 30s
|
||||
|
||||
# Enable payload compression for Elasticsearch requests.
|
||||
#
|
||||
# Default: false
|
||||
#elasticsearch_compression_enabled = true
|
||||
|
||||
# Disable checking the version of Elasticsearch for being compatible with this Graylog release.
|
||||
# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
|
||||
#elasticsearch_disable_version_check = true
|
||||
|
||||
# Disable message retention on this node, i. e. disable Elasticsearch index rotation.
|
||||
#no_retention = false
|
||||
|
||||
# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
|
||||
# be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
|
||||
allow_leading_wildcard_searches = false
|
||||
|
||||
# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
|
||||
# should only be enabled after making sure your Elasticsearch cluster has enough memory.
|
||||
allow_highlighting = false
|
||||
|
||||
# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
|
||||
# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
|
||||
# Default: 1m
|
||||
#elasticsearch_request_timeout = 1m
|
||||
|
||||
# Global timeout for index optimization (force merge) requests.
|
||||
# Default: 1h
|
||||
#elasticsearch_index_optimization_timeout = 1h
|
||||
|
||||
# Maximum number of concurrently running index optimization (force merge) jobs.
|
||||
# If you are using lots of different index sets, you might want to increase that number.
|
||||
# Default: 20
|
||||
#elasticsearch_index_optimization_jobs = 20
|
||||
|
||||
# Time interval for index range information cleanups. This setting defines how often stale index range information
|
||||
# is being purged from the database.
|
||||
# Default: 1h
|
||||
#index_ranges_cleanup_interval = 1h
|
||||
|
||||
# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
|
||||
# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
|
||||
# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
|
||||
# that every outputbuffer processor manages its own batch and performs its own batch write calls.
|
||||
# ("outputbuffer_processors" variable)
|
||||
output_batch_size = 500
|
||||
|
||||
# Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
|
||||
# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
|
||||
# for this time period is less than output_batch_size * outputbuffer_processors.
|
||||
output_flush_interval = 1
|
||||
|
||||
# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
|
||||
# over again. To prevent this, the following configuration options define after how many faults an output will
|
||||
# not be tried again for an also configurable amount of seconds.
|
||||
output_fault_count_threshold = 5
|
||||
output_fault_penalty_seconds = 30
|
||||
|
||||
# The number of parallel running processors.
|
||||
# Raise this number if your buffers are filling up.
|
||||
processbuffer_processors = 5
|
||||
outputbuffer_processors = 3
|
||||
|
||||
# The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor.
|
||||
# See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details
|
||||
|
||||
# When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size),
|
||||
# this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating.
|
||||
# Default: 5000
|
||||
#outputbuffer_processor_keep_alive_time = 5000
|
||||
|
||||
# The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set
|
||||
# Default: 3
|
||||
#outputbuffer_processor_threads_core_pool_size = 3
|
||||
|
||||
# The maximum number of threads to allow in the pool
|
||||
# Default: 30
|
||||
#outputbuffer_processor_threads_max_pool_size = 30
|
||||
|
||||
# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
|
||||
#udp_recvbuffer_sizes = 1048576
|
||||
|
||||
# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
|
||||
# Possible types:
|
||||
# - yielding
|
||||
# Compromise between performance and CPU usage.
|
||||
# - sleeping
|
||||
# Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
|
||||
# - blocking
|
||||
# High throughput, low latency, higher CPU usage.
|
||||
# - busy_spinning
|
||||
# Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
|
||||
processor_wait_strategy = blocking
|
||||
|
||||
# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
|
||||
# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
|
||||
# Must be a power of 2. (512, 1024, 2048, ...)
|
||||
ring_size = 65536
|
||||
|
||||
inputbuffer_ring_size = 65536
|
||||
inputbuffer_processors = 2
|
||||
inputbuffer_wait_strategy = blocking
|
||||
|
||||
# Enable the disk based message journal.
|
||||
message_journal_enabled = true
|
||||
|
||||
# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
|
||||
# must not contain any other files than the ones created by Graylog itself.
|
||||
#
|
||||
# ATTENTION:
|
||||
# If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
|
||||
# in the root directory, you need to create a sub directory for your journal.
|
||||
# Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
|
||||
message_journal_dir = /usr/share/graylog/data/journal
|
||||
|
||||
# Journal hold messages before they could be written to Elasticsearch.
|
||||
# For a maximum of 12 hours or 5 GB whichever happens first.
|
||||
# During normal operation the journal will be smaller.
|
||||
#message_journal_max_age = 12h
|
||||
#message_journal_max_size = 5gb
|
||||
|
||||
#message_journal_flush_age = 1m
|
||||
#message_journal_flush_interval = 1000000
|
||||
#message_journal_segment_age = 1h
|
||||
#message_journal_segment_size = 100mb
|
||||
|
||||
# Number of threads used exclusively for dispatching internal events. Default is 2.
|
||||
#async_eventbus_processors = 2
|
||||
|
||||
# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
|
||||
# shutdown process. Set to 0 if you have no status checking load balancers in front.
|
||||
lb_recognition_period_seconds = 3
|
||||
|
||||
# Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
|
||||
# disabled if not set.
|
||||
#lb_throttle_threshold_percentage = 95
|
||||
|
||||
# Every message is matched against the configured streams and it can happen that a stream contains rules which
|
||||
# take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
|
||||
# This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
|
||||
# streams, Graylog limits the execution time for each stream.
|
||||
# The default values are noted below, the timeout is in milliseconds.
|
||||
# If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
|
||||
# that stream is disabled and a notification is shown in the web interface.
|
||||
#stream_processing_timeout = 2000
|
||||
#stream_processing_max_faults = 3
|
||||
|
||||
# Length of the interval in seconds in which the alert conditions for all streams should be checked
|
||||
# and alarms are being sent.
|
||||
#alert_check_interval = 60
|
||||
|
||||
# Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
|
||||
# outputs. The next setting defines the timeout for a single output module, including the default output module where all
|
||||
# messages end up.
|
||||
#
|
||||
# Time in milliseconds to wait for all message outputs to finish writing a single message.
|
||||
#output_module_timeout = 10000
|
||||
|
||||
# Time in milliseconds after which a detected stale master node is being rechecked on startup.
|
||||
#stale_master_timeout = 2000
|
||||
|
||||
# Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
|
||||
#shutdown_timeout = 30000
|
||||
|
||||
# MongoDB connection string
|
||||
# See https://docs.mongodb.com/manual/reference/connection-string/ for details
|
||||
mongodb_uri = mongodb://mongo/graylog
|
||||
|
||||
# Authenticate against the MongoDB server
|
||||
#mongodb_uri = mongodb://grayloguser:secret@mongo:27017/graylog
|
||||
|
||||
# Use a replica set instead of a single host
|
||||
#mongodb_uri = mongodb://grayloguser:secret@mongo:27017,mongo:27018,mongo:27019/graylog
|
||||
|
||||
# Increase this value according to the maximum connections your MongoDB server can handle from a single client
|
||||
# if you encounter MongoDB connection problems.
|
||||
mongodb_max_connections = 100
|
||||
|
||||
# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
|
||||
# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
|
||||
# then 500 threads can block. More than that and an exception will be thrown.
|
||||
# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
|
||||
mongodb_threads_allowed_to_block_multiplier = 5
|
||||
|
||||
# Drools Rule File (Use to rewrite incoming log messages)
|
||||
# See: http://docs.graylog.org/en/2.1/pages/drools.html
|
||||
#rules_file = /etc/graylog/server/rules.drl
|
||||
|
||||
# Email transport
|
||||
#transport_email_enabled = false
|
||||
#transport_email_hostname = mail.example.com
|
||||
#transport_email_port = 587
|
||||
#transport_email_use_auth = true
|
||||
#transport_email_use_tls = true
|
||||
#transport_email_use_ssl = true
|
||||
#transport_email_auth_username = you@example.com
|
||||
#transport_email_auth_password = secret
|
||||
#transport_email_subject_prefix = [graylog]
|
||||
#transport_email_from_email = graylog@example.com
|
||||
|
||||
# Specify and uncomment this if you want to include links to the stream in your stream alert mails.
|
||||
# This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
|
||||
#transport_email_web_interface_url = https://graylog.example.com
|
||||
|
||||
# The default connect timeout for outgoing HTTP connections.
|
||||
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
|
||||
# Default: 5s
|
||||
#http_connect_timeout = 5s
|
||||
|
||||
# The default read timeout for outgoing HTTP connections.
|
||||
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
|
||||
# Default: 10s
|
||||
#http_read_timeout = 10s
|
||||
|
||||
# The default write timeout for outgoing HTTP connections.
|
||||
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
|
||||
# Default: 10s
|
||||
#http_write_timeout = 10s
|
||||
|
||||
# HTTP proxy for outgoing HTTP connections
|
||||
#http_proxy_uri =
|
||||
|
||||
# The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
|
||||
# will be generated to warn the administrator about possible problems with the system. Default is 1 second.
|
||||
#gc_warning_threshold = 1s
|
||||
|
||||
# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
|
||||
#ldap_connection_timeout = 2000
|
||||
|
||||
# Disable the use of SIGAR for collecting system stats
|
||||
#disable_sigar = false
|
||||
|
||||
# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
|
||||
#dashboard_widget_default_cache_time = 10s
|
||||
|
||||
# Automatically load content packs in "content_packs_dir" on the first start of Graylog.
|
||||
content_packs_loader_enabled = true
|
||||
|
||||
# The directory which contains content packs which should be loaded on the first start of Graylog.
|
||||
content_packs_dir = /usr/share/graylog/data/contentpacks
|
||||
|
||||
# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
|
||||
# the first start of Graylog.
|
||||
# Default: empty
|
||||
content_packs_auto_load = grok-patterns.json
|
||||
|
||||
# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number
|
||||
# of threads available for this. Increase it, if '/cluster/*' requests take long to complete.
|
||||
# Should be http_thread_pool_size * average_cluster_size if you have a high number of concurrent users.
|
||||
proxied_requests_thread_pool_size = 32
|
35
graylog/config/log4j2.xml
Normal file
35
graylog/config/log4j2.xml
Normal file
@ -0,0 +1,35 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Configuration packages="org.graylog2.log4j" shutdownHook="disable">
|
||||
<Appenders>
|
||||
<Console name="STDOUT" target="SYSTEM_OUT">
|
||||
<PatternLayout pattern="%d %-5p: %c - %m%n"/>
|
||||
</Console>
|
||||
|
||||
<!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
|
||||
<Memory name="graylog-internal-logs" bufferSize="500"/>
|
||||
</Appenders>
|
||||
<Loggers>
|
||||
<!-- Application Loggers -->
|
||||
<Logger name="org.graylog2" level="info"/>
|
||||
<Logger name="com.github.joschi.jadconfig" level="warn"/>
|
||||
<!-- this emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
|
||||
<Logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl" level="error"/>
|
||||
<!-- Prevent DEBUG message about Lucene Expressions not found. -->
|
||||
<Logger name="org.elasticsearch.script" level="warn"/>
|
||||
<!-- Disable messages from the version check -->
|
||||
<Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
|
||||
<!-- Suppress crazy byte array dump of Drools -->
|
||||
<Logger name="org.drools.compiler.kie.builder.impl.KieRepositoryImpl" level="warn"/>
|
||||
<!-- Silence chatty natty -->
|
||||
<Logger name="com.joestelmach.natty.Parser" level="warn"/>
|
||||
<!-- Silence Kafka log chatter -->
|
||||
<Logger name="kafka.log.Log" level="warn"/>
|
||||
<Logger name="kafka.log.OffsetIndex" level="warn"/>
|
||||
<!-- Silence useless session validation messages -->
|
||||
<Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
|
||||
<Root level="warn">
|
||||
<AppenderRef ref="STDOUT"/>
|
||||
<AppenderRef ref="graylog-internal-logs"/>
|
||||
</Root>
|
||||
</Loggers>
|
||||
</Configuration>
|
Loading…
Reference in New Issue
Block a user