Graylog external log data

r1c4ard06 · January 24, 2024, 12:07pm

I have been following the Graylog: Your Comprehensive Guide to Getting Started Open Source Log Management. Which works perfectly of course. I have also used Ubuntu 22.04. Unfortunately my Linux skills are very basic so please take that into consideration.

I am a little confused on how to setup the log data to go to a cifs share on a NAS.

I have added a share in fstab and was able to mount the share ok:

//10.0.3.4/SYSlog /media/graylog_data/ cifs vers=3.0,credentials=/etc/.truenas_creds,iocharset=utf8,gid=1000

I am unsure what I need to change in the volumes section of the docker-compose.yml

volumes:
  - "log_data:/usr/share/opensearch/data"

Any help would be gratefully appreciated.

LTS_Tom · January 24, 2024, 1:05pm

My data mount is:

Filesystem                                           Size  Used Avail Use% Mounted on
192.168.20.225:/mnt/trinity/LTS_Office/graylog_logs  235T   20G  235T   1% /mnt/graylog_logs

And the mount syntax in my docker-compose.yml is:

volumes:
       - "/mnt/graylog_logs:/usr/share/opensearch/data"

If I am reading your post correctly and your mount is /media/graylog_data/ then yours should be:

volumes:
       - "/media/graylog_data:/usr/share/opensearch/data"

r1c4ard06 · January 25, 2024, 10:33am

Thank you I did try - “/media/graylog_data:/usr/share/opensearch/data” however I then get the following error on bringing docker up:

graylog | 2024-01-25 10:21:09,613 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Failed to connect to opensearch/172.18.0.2:9200. - Connection refused.
graylog | 2024-01-25 10:21:09,615 INFO : org.graylog2.storage.versionprobe.VersionProbe - Elasticsearch is not available. Retry #8

It’s not a issue for me to just run local storage as I only need this for pfsense openvpn logs.

LTS_Tom · January 25, 2024, 11:15am

If it works locally but not remote, it’s likely that you have a permissions issue.