Graylog: Configure inputs

How to configure Graylog inputs

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Graylog cloud solution that provides a host of benefits, including:

  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://logs.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Graylog cloud hosting solution!

What is a Graylog input

Graylog ingests logs from your apps, servers, routers or switches using one or more inputs. These inputs support TCP or UDP protocols and can handle various data formats such as GELF, CEF, Syslog or RAW. TLS encryption (SSL/HTTPS) can be activated in the Stackhero dashboard for TCP inputs.

Note that you can also connect to a Kafka or a RabbitMQ (AMQP) server. In this scenario, Graylog will connect directly to your Kafka or RabbitMQ server and you will not need to follow this guide.

If you don't know which kind of input you should use, first read our "Choose inputs types" guide.

How to create an input on Graylog

To set up your Graylog input, you first need to create it on the Graylog web UI. Afterward, declare the input on the Stackhero dashboard and open the necessary firewall port(s) to allow traffic to reach your instance.

1. Declare the input on Graylog web UI

  1. Connect to your Graylog web UI and navigate to System, then Inputs.

  2. In the Select input dropdown, choose an input based on the type of data you will receive and click Launch new input.

    Selecting an input on Graylog web UISelecting an input on Graylog web UI

  3. In the modal that opens, check Global and assign a title (for example, "GELF UDP" if you do not have a more specific title). Avoid altering any other settings unless you are certain about the changes.

If you plan to use TLS encryption (SSL/HTTPS), DO NOT select TLS in the Graylog web UI. TLS encryption is managed directly by your reverse proxy through the Stackhero dashboard.

Example of a GELF UDP input in GraylogExample of a GELF UDP input in Graylog

  1. Note the port of your input as you will need to specify it on the Stackhero dashboard later. Then, click Save.

2. Declare the input on Stackhero

After creating the input on the Graylog web UI, you need to declare it on the Stackhero dashboard.

  1. Go to your Stackhero dashboard and select your Graylog instance.
  2. Click on the Configure button.
  3. In the Input ports list, check if the port of your new input is declared. If not, add it.
  4. Verify the protocol type (UDP or TCP). If you use TCP, you can enable TLS encryption (SSL/HTTPS) by checking the corresponding option (remember that you should not enable TLS on the Graylog web UI!).
  5. Once you have completed these steps, validate your new configuration.

Example of a GELF UDP input configuration on StackheroExample of a GELF UDP input configuration on Stackhero

3. Allow traffic on the firewall

Finally, after declaring your input on the Stackhero dashboard, you need to allow the traffic through your firewall.

  1. Go to the Stackhero dashboard, select your Graylog service, and click on Firewall.
  2. Ensure there is a rule accepting traffic from your IP (or use 0.0.0.0/0 to allow any IP).
  3. If such a rule does not exist, create one by clicking the Add a rule button.
  4. Select the IP you want to allow (set it to 0.0.0.0/0 for any IP), and specify the ports that will receive data from this IP.
  5. Choose the Accept action.

Save the rule and validate the configuration by clicking the Validate button.

Example of a firewall configurationExample of a firewall configuration

Your input is now fully configured and ready for use!

Troubleshooting: a Graylog input doesn't work

If a Graylog input does not work as expected, review the following checklist:

  1. On the Graylog web UI:

    1. Go to System then Inputs and confirm that the input is running.
    2. Verify the protocol (UDP or TCP) is correct.
    3. If using TCP, ensure that tls_enable is set to false since encryption is managed on the Stackhero dashboard.
    4. Confirm that the port is correct.
    5. Verify that the data format is accurate (GELF, CEF, RAW or Syslog).

  2. On the Stackhero dashboard:

    1. Select your Graylog instance and click the Configure button.
    2. In the Input ports list, ensure that the port is defined with the proper protocol (UDP or TCP).
    3. If using TCP, confirm that the TLS option is enabled for encryption (SSL/HTTPS).

  3. On the firewall:

    1. In the Stackhero dashboard, select your Graylog instance and click on the Firewall tab.
    2. Ensure there is a rule accepting traffic for the input port and protocol. If you want to allow any IP, set the IP field to 0.0.0.0/0.

By following this checklist, there should be no reason for the input to fail.

Other articles for Graylog