We are overwhelmed with all the excellent proposals we received for the OSCamp #1. We are happy to announce the speakers line-up for the 2018 Camp.
Confirmed speakers are:
Lennart Koopmann | GRAYLOG
Jan Doberstein | GRAYLOG
Daniel Neuberger | NETWAYS
Rico Spiesberger | MANN+HUMMEL
Dr. Matthias Dellweg | ATIX AG
Tanya Tereshchenko | Red Hat Czech s.r.o.
Timo Goebel | FILIADATA GmbH
Ewoud Kohl van Wijngaarden
Alexander Olofsson & Magnus Svensson | Linköpings University
…look for the updated speakers-list and further details here.
Short overview of the Open Source Camp
The main idea behind the OSCamp is a day packed with expert talks on the newest research, developments and future trends. The 2018 issue is dedicated to the OS projects Foreman and Graylog. Designed for experienced administrators and architects, the Camp will reflect new influences and developments of the featured Open Source projects. Get in touch with like-minded people, share expertise and discover new grounds – go for OSCamp this summer!
Does it sound tempting? Get your tickets here.
We look forward to welcoming you @OSCamp on June 14, 2018 in Berlin!
Complete your Open Source Data Center Conference 2018 experience and participate in the Open Source Camp!
The Open Source Camp is a conference format related to changing Open Source projects and products and of course their communities. OSCamp #1 is dedicated to Foreman & Graylog.
The one-day event comprises expert presentations and tutorials on technical backgrounds, how-tos, as well as future trends and perspectives. Focusing on advanced topics, the OSCamp is especially adapted to experienced administrators and architects.
Taking place on June 14, the camp follows directly the OSDC lecture program. Extend your stay at the OSDC venue get in touch with the OS enthusiasts behind the presented OS projects. Learn new features and techniques, benefit from their extensive know-how and get up-dated on the latest developments.
Have fun meeting like-minded people, sharing expertise and discovering new grounds! REGISTER NOW!
The NETWAYS trainings are proof of our love for Open Source. And as we always want to share our knowledge, we are happy to present our spring trainings:
1. Fundamentals for Puppet: 3 days training | 17.04.2018 to 19.04.2018
Learn the basic functionality behind the Puppet abstraction layer, how to build Puppet modules, and how to develop them from the local prototype to deployment on the Puppet master.
2. Ansible: 2 days training | 17.04.2018 to 18.04.2018
Learn to install and use Ansible. The training will focus on the configuration of Linux / Unix systems, the use of playbooks, and roles, as well as providing instructions for creating your own modules.
3. Ansible AWX: 1-day training | 19.04.2018 and 20.04.2018
Quick overview of the capabilities of Ansible AWX and working with AWX.
4. Graphite + Grafana: 2 days training | 24.04.2018 to 25.04.2018
Learn everything you need for running bigger, but also complex, environments.
5. Graylog:2 days training | 24.04.2018 to 25.04.2018
Learn installation and configuration of all platform components for collecting and processing log data, as well as their scaling. The goal of the training is to provide you with the knowledge you need to start your own Graylog installation.
We prefer a limited number of participants, to achieve a goal-oriented and efficient course of our training. We also provide hands on material.
Interested? Register now, more information on Trainings at NETWAYS watch this space.
Was Graylog ist und wie das alles funktioniert, können euch unsere erfahrenen Trainer in einer unserer Graylog Schulungen beibringen.
Diese besondere Open Source Log Management Plattform kann Logdaten von Anwendungen, Betriebssystemen und Netzwerkinfrastruktur zentral sammeln, verarbeiten und verwalten. Darüber hinaus können alle Netzwerkaktivitäten überwacht werden, zudem wird der Netzwerkverkehr analysiert, um eventuelle Einbrüche bei Zeiten zu erkennen und somit größeren Problemen entgegenzuwirken.
Hier die genauen Inhalte der zweitägigen Schulung:
- Einführung in Graylog
- Auswahl einer für Sie geeigneten Installationsmethode und Konfiguration von Graylog
- Erstellen von Inputs und Extraktoren zum Sammeln und Bereinigen von Logdaten
- Einsatz von Streams zur Kategorisierung von Logdaten
- Einführung in Dashboards und Widgets zur Visualisierung von Logdaten
- Einführung in Alerts – Graylog als Teil eines Monitoringsystems
- Nutzung der Processing Pipelines für flexibles Routing, Filtern, Modifizieren und Anreichern von Logdaten
- Skalierung von Graylog und Bau einer hochverfügbaren Umgebung
- Suche und Analyse aufgezeichneter Daten
Die nächste Graylog Schulung am 05.12.2017 findet schon kurz nach der OSMC statt (hier gibt’s übrigens auch einen Graylog-Vortrag). Plätze sind aktuell noch verfügbar!
Zu den genauen Infos und zur Anmeldung geht’s hier entlang.
This week we had the pleasure to welcome Jan Doberstein from Graylog. On Monday our consulting team and myself attended a Graylog workshop held by Jan. Since many of us are already familiar with log management (e.g. Elastic Stack), we’ve skipped the basics and got a deep-dive into the Graylog stack.
You’ll need Elasticsearch, MongoDB and Graylog Server running on your instance and then you are good to go. MongoDB is mainly used for caching and sessions but also as user storage e.g. for dashboards and more. Graylog Server provides a REST API and web interface.
Configuration and Inputs
Once you’ve everything up and running, open your browser and log into Graylog. The default entry page greets you with additional tips and tricks. Graylog is all about usability – you are advised to create inputs to send in data from remote. Everything can be configured via the web interface, or the REST API. Jan also told us that some more advanced settings are only available via the REST API.
If you need more input plugins, you can search the marketplace and install the required one. Or you’ll create your own. By default Graylog supports GELF, Beats, Syslog, Kafka, AMQP, HTTP.
One thing I also learned during our workshop: Graylog also supports Elastic Beats as input. This allows even more possibilities to integrate existing setups with Icingabeat, filebeat, winlogbeat and more.
Graylog supports “internal auth” (manual user creation), sessions/tokens and also LDAP/AD. You can configure and test that via the web interface. One thing to note: The LDAP library doesn’t support nested groups for now. You can create and assign specific roles with restrictions. Even multiple providers and their order can be specified.
Streams and Alerts
Incoming messages can be routed into so-called “streams”. You can inspect an existing message and create a rule set based on these details. That way you can for example route your Icinga 2 notification events into Graylog and correlate events in defined streams.
Alerts can be defined based on existing streams. The idea is to check for a specific message count and apply threshold rules. Alerts can also be reset after a defined grace period. If you dig deeper, you’ll also recognise the alert notifications which could be Email or HTTP. We’ve also discussed an alert handling which connects to the Icinga 2 API similar to the Logstash Icinga output. Keep your fingers crossed.
You can add stream message counters, histograms and more to your own dashboards. Refresh settings and fullscreen mode are available too. You can export and share these dashboards. If you are looking for automated deployments, those dashboards can be imported via the REST API too.
Graylog 2.3 is currently in alpha stages and will be released in Summer 2017. We’ve also learned that it will introduce Elasticsearch 5 as backend. This enables Graylog to use the HTTP API instead of “simulating” a cluster node at the moment. The upcoming release also adds support for lookup tables.
I’ve been fixing a bug inside the Icinga 2 GelfWriter feature lately and was looking for a quick test environment. Turns out that the Graylog project offers Docker compose scripts to bring up a fully running instance. I’ve slightly modified the docker-compose.yml to export the default GELF TCP input port 12201 on localhost.
command: "elasticsearch -Des.cluster.name='graylog'"
Navigate to http://localhost:9000/system/inputs (admin/admin) and add additional inputs, like “Gelf TCP”.
I just enabled the “gelf” feature in Icinga 2 and pointed it to port 12201. As you can see, there’s some data running into. All screenshots above have been taken from that demo too 😉
Jan continued the week with our official two day Graylog training. From a personal view I am really happy to welcome Graylog to our technology stack. I’ve been talking about Graylog with Bernd Ahlers at OSMC 2014 and now am even more excited about the newest additions in v2.x. Hopefully Jan joins us for OSMC 2017, Call for Papers is already open 🙂
My colleagues are already building Graylog clusters and more integrations. Get in touch if you need help with integrating Graylog into your infrastructure stack 🙂