Graylog: Configure inputs

How to configure Graylog inputs

Graylog collects logs from your applications, servers, routers, or switches using one or more inputs. These inputs support TCP or UDP protocols and can handle various data formats such as GELF, CEF, Syslog, or RAW. TLS encryption (SSL/HTTPS) can be enabled from the Stackhero dashboard for TCP inputs.

Note that you can also connect to a Kafka or RabbitMQ (AMQP) server. In this case, Graylog will connect directly to your Kafka or RabbitMQ server and you will not need to follow this guide.

If you are unsure which type of input to use, start by reading our "Choose inputs types" guide.

To configure your Graylog input, you must first create it from the Graylog web UI. Then, declare the input on the Stackhero dashboard and open the necessary firewall port(s) to allow traffic to reach your instance.

  1. Log in to your Graylog web UI and go to System, then Inputs.

  2. In the Select input dropdown menu, choose an input based on the type of data you will receive and click Launch new input.

    Selecting an input on Graylog web UI

  3. In the modal that opens, check Global and assign a title (for example, "GELF UDP" if you do not have a more specific title). Do not modify any other settings unless you are certain about the changes.

If you want to use TLS encryption (SSL/HTTPS), DO NOT select TLS in the Graylog web UI. TLS encryption is managed directly by your reverse proxy through the Stackhero dashboard.

Example of a GELF UDP input in Graylog

  4. Note the port of your input, as you will need to specify it later on the Stackhero dashboard. Then click Save.

After creating the input on the Graylog web UI, you need to declare it on the Stackhero dashboard.

  1. Go to your Stackhero dashboard and select your Graylog instance.
  2. Click on the Configure button.
  3. In the Input ports list, check if the port of your new input is already declared. If not, add it.
  4. Verify the protocol type (UDP or TCP). If you are using TCP, you can enable TLS encryption (SSL/HTTPS) by checking the corresponding option (remember that you should not enable TLS on the Graylog web UI!).
  5. Once these steps are complete, validate your new configuration.

Example of a GELF UDP input configuration on Stackhero

Finally, after declaring your input on the Stackhero dashboard, you need to allow traffic through your firewall.

  1. Go to the Stackhero dashboard, select your Graylog service, and click on Firewall.
  2. Ensure there is a rule accepting traffic from your IP (or use 0.0.0.0/0 to allow any IP).
  3. If no such rule exists, create one by clicking the Add a rule button.
  4. Select the IP you want to allow (set it to 0.0.0.0/0 for any IP), and specify the ports that will receive data from this IP.
  5. Choose the Accept action.

Save the rule and validate the configuration by clicking the Validate button.

Example of a firewall configuration

Your input is now fully configured and ready to use!
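To confirm that the input actually receives data, the following added example (not part of the Stackhero documentation) sends one GELF test message over UDP, plain TCP, or TCP with TLS. The host name `logs.example.com`, the port `12201`, the `_probe` field, and the 1420-byte datagram limit are assumptions; use your instance's domain and the port you noted when creating the input.

```python
import json
import socket
import ssl
import sys
import time

MAX_DATAGRAM = 1420  # assumption: stay below a typical WAN MTU; no GELF chunking here

def build_gelf(short_message, host, level=6, **extra):
    """Return a GELF 1.1 payload; additional fields get the required '_' prefix."""
    if "id" in extra:
        raise ValueError("GELF does not allow an additional field named _id")
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": time.time(), "level": level}
    msg.update({"_" + key: value for key, value in extra.items()})
    return json.dumps(msg).encode("utf-8")

def frame_tcp(payload):
    """GELF TCP is uncompressed, with each message terminated by a null byte."""
    return payload + b"\x00"

def send_udp(payload, server, port):
    """Send one unchunked, uncompressed datagram (enough for a small test message)."""
    if len(payload) > MAX_DATAGRAM:
        raise ValueError("payload too large for a single unchunked datagram")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (server, port))

def send_tcp(payload, server, port, tls=False, timeout=5):
    """Send one framed message; returns the negotiated TLS version or None."""
    with socket.create_connection((server, port), timeout=timeout) as raw:
        if not tls:
            raw.sendall(frame_tcp(payload))
            return None
        # TLS is terminated by the reverse proxy, so the client verifies the
        # proxy's certificate while the Graylog input itself keeps TLS off.
        context = ssl.create_default_context()
        with context.wrap_socket(raw, server_hostname=server) as secure:
            secure.sendall(frame_tcp(payload))
            return secure.version()

if __name__ == "__main__":
    # Usage: python send_gelf.py udp|tcp|tls logs.example.com 12201 (placeholders)
    mode, server, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    payload = build_gelf("Graylog input test", socket.gethostname(), probe="input-check")
    if mode == "udp":
        send_udp(payload, server, port)
    else:
        print(send_tcp(payload, server, port, tls=(mode == "tls")))
```

UDP gives no delivery feedback, so search for the test message in the Graylog web UI after sending. In `tls` mode, a handshake or certificate error means the TLS option is not enabled for that port on the Stackhero dashboard or the host name does not match the certificate.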

If a Graylog input is not working as expected, check the following points:

  1. On the Graylog web UI:

    1. Go to System then Inputs and confirm that the input is running.
    2. Verify that the protocol (UDP or TCP) is correct.
    3. If you are using TCP, make sure that tls_enable is set to false since encryption is managed on the Stackhero dashboard.
    4. Confirm that the port is correct.
    5. Verify that the data format is correct (GELF, CEF, RAW, or Syslog).
  2. On the Stackhero dashboard:

    1. Select your Graylog instance and click the Configure button.
    2. In the Input ports list, ensure that the port is defined with the appropriate protocol (UDP or TCP).
    3. If you are using TCP, check that the TLS option is enabled for encryption (SSL/HTTPS).
  3. On the firewall:

    1. In the Stackhero dashboard, select your Graylog instance and click on the Firewall tab.
    2. Ensure there is a rule accepting traffic for the input port and protocol. If you want to allow any IP, set the IP field to 0.0.0.0/0.

By following this checklist, your input should work properly.