Trying to install graylog on a jail, and service won't start

LiquidAurum

Dabbler
Joined
Apr 7, 2020
Messages
17
I followed this guide and other than a few hiccups. On this part, there was no server directory, let alone a server.conf file.

Code:
Edit the main configuration file

vi /usr/local/etc/graylog/server/server.conf


Therefore this file didn't exist either on this step.

Code:
vi /usr/local/etc/graylog/server/log4j2.xml

Change

<Root level="warn">
  <AppenderRef ref="STDOUT"/>
  <AppenderRef ref="graylog-internal-logs"/>
</Root>
  <Root level="error">
  <AppenderRef ref="FreeBSD-logs"/>
</Root>

to

<Root level="warn">
  <AppenderRef ref="STDOUT"/>
  <AppenderRef ref="graylog-internal-logs"/>
  <AppenderRef ref="FreeBSD-logs"/>
</Root>



When I try to start it I get this:

Code:
root@Graylog:/usr/local/etc/graylog # service graylog start

/usr/local/etc/rc.d/graylog: WARNING: /usr/local/etc/graylog/graylog.conf is not readable.

/usr/local/etc/rc.d/graylog: WARNING: failed precmd routine for graylog
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
The posts in this thread seem likely to help:
 

cjmdk

Dabbler
Joined
Aug 25, 2019
Messages
29
Any thoughts/knowledge of ongoing development of this jail? E.g. according to the latest Graylog version
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
What do you mean by "ongoing development of this jail"? It isn't a plugin, and there's no indication I've seen that it's going to be. But last I saw, the link in the post right above yours had some pretty good discussion of how to get Graylog working.
 

cjmdk

Dabbler
Joined
Aug 25, 2019
Messages
29
It isn't a plugin, and there's no indication I've seen that it's going to be

It isn't a plugin? Huh... I managed to get Graylog running from the Plugin page within TrueNAS Core. And it works perfectly! Thank you, whoever created the addition :smile:

What do you mean by "ongoing development of this jail"?

The Plugin installs version 4.1.5 while the latest is 4.2 (https://www.graylog.org/releases). Please, get me right, I do NOT expect the TrueNAS plugin to be updated the day after any new release. But 4.1.5 is a bit outdated (September).

Are the "lacking" updates a signal that it isn't maintained and you are better off running e.g. Graylog from e.g. a virtual Linux with Docker? Or a push toward TrueNAS Scale and Kubernetes (if you, like me, prefer updates and patches)?
'Piwigo' is another example of a dated Community Plugin.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I managed to get Graylog running from the Plugin page within Truenas Core.
Hmm, sure enough. Shows how well I keep up with the community plugins. OK, I'll amend my statement--this thread, and the one I linked to, are both about a self-installed Graylog instance, not the plugin (which didn't exist at the time either thread was opened). Plugins are notoriously out-of-date (one of the reasons I don't use them if I can help it), but maybe opening a Jira issue (the "report a bug" link above) might get some movement.
 

cjmdk

Dabbler
Joined
Aug 25, 2019
Messages
29
Plugins are notoriously out-of-date (one of the reasons I don't use them if I can help it
A shame for non-command-line guys like myself. Thanks for the clarification.

I appreciate that you answered a question slightly out of the scope of the original thread. Thank you :smile:
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Here, I am also using Graylog. When I saw it as a plugin in TrueNAS, I moved my settings from my VM in ESXi to that one. Unfortunately, after a few days, it always stops working properly. I gave up on it and returned to an external VM as before. I have not been able to figure out why it stopped forwarding my logs to my SIEM (QRadar). Even locally, I could not search for events even though they were obviously there.
 