Dear all
After searching for a manageable solution for analysing firewall logs on my homegrown OPNsense, I picked up a lot of ideas from the community and built a solution, based on docker containers and graylog, that is supposed to be easily installable with some basic IT know-how. It could be the starting point for someone not willing to dig deep into elasticsearch or graylog configuration, but to get nice and usable results with minimal effort.
I called the project "GraySense" and the very first version can be found here:
https://gitlab.com/thetagamma11/greysense
Basically it's just a snapshot of a working environment with a compose file and a Graylog ContentPack. Most of the further effort will probably go into the README, as this is the crucial part to make it reproducible for starters (like I was some weeks before ;-) )
I'd be happy if you find it useful and would appreciate ramblings, criticism, suggestions and commits :-)
Best
Theta
Nice idea :)
Hey, just wanted to add a note on this.. I installed this today to test and had to set the version of graylog to 3.1.2-1 in the compose file. They changed the entry point in the newer versions to include "tini -- /docker-entrypoint" and I'm not exactly a docker wiz by any means, so the simplest solution appeared to be reverting versions.
Welp, nvm, I take that back. It was GRAYLOG_HTTP_EXTERNAL_URI= that it didn't like... commented that out and updated back to 3.1 stable... working fine.
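For readers hitting the same GRAYLOG_HTTP_EXTERNAL_URI problem, here is a minimal Graylog 3.1 compose file as an added example; it is not the GraySense compose file and not Graylog's own documentation, and the secret, password hash and URI values are placeholders that you have to replace. GRAYLOG_HTTP_EXTERNAL_URI must be the URL your browser actually uses to reach the web interface (scheme, host, port and trailing slash), because the browser-side UI calls the REST API at that address; a value that does not match is the usual reason the UI fails to come up.

```yaml
# Added example (not from the thread or the GraySense project).
# Single-node Graylog 3.1 stack; values marked PLACEHOLDER must be replaced.
version: '3'
services:
  mongo:
    image: mongo:3

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

  graylog:
    image: graylog/graylog:3.1
    environment:
      # At least 16 characters; used to encrypt stored secrets. PLACEHOLDER.
      - GRAYLOG_PASSWORD_SECRET=replace-with-a-long-random-secret
      # sha256 of the admin password, e.g. from: echo -n 'yourpassword' | sha256sum
      - GRAYLOG_ROOT_PASSWORD_SHA2=replace-with-sha256-of-admin-password
      # Must match the URL you type into the browser, including the trailing slash.
      # Use http://<host-ip>:9000/ when you open the UI from another machine.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Web interface / REST API; keep this on your LAN only, do not expose it to the WAN.
      - 9000:9000
      # Syslog UDP input for the OPNsense firewall logs.
      - 1514:1514/udp
```

If the UI is opened from another machine, set the external URI to that machine-reachable address rather than 127.0.0.1; commenting the variable out, as in the post above, works because the image then falls back to its default, which happens to match a local-only setup.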
Very nice project.
But is it possible to show CPU usage, ... in Graylog or only in Zabbix?:)