Graylog Node

ChristianRiesen · October 14, 2020, 9:05pm

Graylog https://www.graylog.org/ is a very common logging server and can be setup rather quickly with containers. It has many ways to connect to it, including sending syslog remotely, using gelf messages and lots more. Having this as a node would be extremely helpful.

jan · October 14, 2020, 9:06pm

Thanks a lot. Can you please tell us what functionality you would require exactly. Just to be sure that if this node gets created it does already what you need it to do.

ChristianRiesen · October 15, 2020, 11:10am

I think the best way to look at it is a GELF message sender, with a graylog server as crendetials.

GELF is described here GELF

The most important bits:

Every log message in GELF is a dict with the following fields:

host (the creator of the message)

timestamp

version

long and short version of the message

other custom fields you can freely configure on your own

Among those custom fields is usual a “level” for the log, values from 0 to 6, where 0 is the highest importance error level, but this is optional in GELF.

jan · October 15, 2020, 11:41am

Ah OK. So the only functionality you would really require would be sending a log-message?

ChristianRiesen · October 15, 2020, 12:15pm

Sending to Graylog would be my personal use case.

I think reading from graylog would be a future thing that might be interesting as well I think, specially since many things can talk to graylog, but graylog also can do things like send alerts (use it as triggers).

As a side note in case you are not familiar with graylog: Below the surface it has an Elasticsearch backend, and uses pretty much most of the syntax from ES as well, so if you make an ES node, that would also be possible to share some code with querying Graylog as well.

ChristianRiesen · October 27, 2020, 9:47am

Hi @jan
So maybe this would be better called a Graylog publishing node, not anything else.
Are you looking into making this or is this not something you’d want to do?

ChristianRiesen · November 25, 2020, 6:25pm

Hello @jan is there any update on this? Or did you drop the idea of making it?

RicardoE105 · November 25, 2020, 8:54pm

Hello @ChristianRiesen

We do not drop nodes, but we have so many requests that we usually develop them based on the community’s votes. We have quite some nodes to build before this one. What I can assure it’s it will be developed do not now when thought.

ChristianRiesen · November 25, 2020, 9:18pm

That’s fantastic news, thank you. And I understand prioritizing things. Graylog is such an integral part for me that it’s hard to have things running I can’t integrate directly

RicardoE105 · November 25, 2020, 9:29pm

In the meantime you can use the HTTP Request node though.