Forward logs to Graylog

Learn how to configure your Stackhero instances to forward system logs to Graylog for centralised log management.

Introduction

Graylog provides a robust and user-friendly platform for managing system logs. It streamlines the collection, organisation, and analysis of logs while offering features such as Slack and email notifications, customisable dashboards, and a powerful query interface. This makes it an excellent tool for enhancing system monitoring, strengthening security, and simplifying troubleshooting processes.

By configuring your Stackhero instances to forward logs to a Graylog server, you can centralise log management, thereby improving the efficiency and effectiveness of your system monitoring efforts.

Setting up Graylog to receive logs

Follow these steps to configure Graylog for receiving logs:

  1. Log in to your Graylog web interface.
  2. Navigate to System > Inputs.
  3. From the Select input dropdown, choose GELF HTTP.
  4. Enable the Global option.
  5. Assign a descriptive name to the input, such as "GELF HTTPS".
  6. Save the configuration settings.

Graylog GELF HTTP Input ConfigurationGraylog GELF HTTP Input Configuration

Next, verify the input port settings in your Stackhero dashboard:

  1. Access your Stackhero dashboard.
  2. Navigate to the configuration page for your Graylog service.
  3. Select Configure.
  4. Confirm that port 12201 is enabled for both TCP and TLS under the Input Ports section. Adjust settings if needed.

Activating TLS on Port 12201 in GraylogActivating TLS on Port 12201 in Graylog

Your Graylog instance is now ready to receive logs from Stackhero.

Configuring your Stackhero instance to send logs to Graylog

To set up a Stackhero instance to forward logs to Graylog:

  1. Log in to the Stackhero dashboard.
  2. Navigate to the service instance you wish to configure.
  3. Select the Logs Forwarder tab.
  4. Enter your Graylog domain in the Graylog Domain field (e.g., <XXXXXX>.stackhero-network.com or your custom domain).
  5. Set the Graylog Port to 12201.
  6. Save the configuration settings.

Once these configurations are saved, your Stackhero instance will begin forwarding logs to your Graylog server.

Stackhero Logs Forwarder ConfigurationStackhero Logs Forwarder Configuration

Verifying log forwarding

To ensure that logs are being forwarded correctly:

  1. Open the Graylog web interface.
  2. Navigate to the Search section.
  3. Enter a query, such as "logs from".
  4. Look for log entries from your instance (e.g., "Logs from svc-xxxxxx") sent to <XXXXXX>.stackhero-network.com:12201.

Graylog Receiving Logs ExampleGraylog Receiving Logs Example

Congratulations! Your Stackhero instances are now successfully forwarding logs to your Graylog server. This setup enables centralised and scalable log monitoring and analysis.

Other articles for Stackhero