Graylog VM by Anarion Technologies
Graylog is an advanced open-source log management and analysis platform designed to help organizations efficiently collect, index, and analyze log data from diverse sources in real-time. By centralizing log data from servers, applications, and network devices, Graylog enables users to gain a comprehensive view of their IT environment.
One of Graylog’s key features is its powerful search functionality, which allows users to quickly find specific log entries using various filters and queries. This capability is crucial for troubleshooting issues, as it enables teams to pinpoint the root causes of problems more effectively. Additionally, Graylog supports custom dashboards that visualize log data through graphs and charts, providing a clear representation of system performance and security events.
Graylog also includes alerting capabilities, allowing users to set up notifications based on specific conditions or anomalies detected in the log data. This proactive approach helps organizations respond swiftly to potential threats or operational issues, improving overall security and reliability.
Furthermore, Graylog’s architecture supports scalability, making it suitable for small to large enterprises. It can handle vast amounts of log data while maintaining performance and responsiveness. With its user-friendly web interface, Graylog streamlines log management tasks, making it accessible to both technical and non-technical users.
To subscribe to this product from Azure Marketplace and initiate an instance using the Azure compute service, follow these steps:
1. Navigate to Azure Marketplace and subscribe to the desired product.
2. Search for “virtual machines” and select “Virtual machines” under Services.
3. Click on “Add” in the Virtual machines page, which will lead you to the Create a virtual machine page.
4. In the Basics tab:
- Ensure the correct subscription is chosen under Project details.
- Opt for creating a new resource group by selecting “Create new resource group” and name it as “myResourceGroup.”
5. Under Instance details:
- Enter “myVM” as the Virtual machine name.
- Choose “East US” as the Region.
- Select “Ubuntu 18.04 LTS” as the Image.
- Leave other settings as default.
6. For Administrator account:
- Pick “SSH public key.”
- Provide your user name and paste your public key, ensuring no leading or trailing white spaces.
7. Under Inbound port rules > Public inbound ports:
- Choose “Allow selected ports.”
- Select “SSH (22)” and “HTTP (80)” from the drop-down.
8. Keep the remaining settings at their defaults and click on “Review + create” at the bottom of the page.
9. The “Create a virtual machine” page will display the details of the VM you’re about to create. Once ready, click on “Create.”
10. The deployment process will take a few minutes. Once it’s finished, proceed to the next section.
To connect to the virtual machine:
1. Access the overview page of your VM and click on “Connect.”
2. On the “Connect to virtual machine” page:
- Keep the default options for connecting via IP address over port 22.
- A connection command for logging in will be displayed. Click the button to copy the command. Here’s an example of what the SSH connection command looks like:
```
ssh [email protected]
```
3. Use the same bash shell that you used to generate your SSH key pair; you can reopen the Cloud Shell by selecting >_ again or by going to https://shell.azure.com/bash.
4. Paste the SSH connection command into the shell to initiate an SSH session.
Usage/Deployment Instructions
Anarion Technologies – Graylog
Note: Search for the product on Azure Marketplace and click on “Get it now”.
Click on Continue
Click on Create
When creating the virtual machine, enter or select appropriate values for zone, machine type and resource group, with at least 8 GB RAM and 3 CPUs.
After the virtual machine has been created, you get the option Go to Resource Group.
Click Go to Resource Group
Click on the Network Security Group: graylog-nsg
Click on Inbound Security Rule
Click on Add
Add Port
In the Destination port ranges field (where the default value is 8080), enter 9000
Select Protocol as TCP
Set Action to Allow
Click on Add
Click on Refresh
Copy the Public IP Address
SSH into the VM and run the following commands:
$ sudo su
$ sudo apt update
$ sudo groupadd --system graylog
$ sudo useradd --system --no-create-home -g graylog graylog
$ sudo chown -R graylog:graylog /usr/share/graylog-server
$ sudo chown -R graylog:graylog /var/lib/graylog-server
$ sudo systemctl daemon-reload
$ sudo systemctl restart graylog-server
$ sudo systemctl status graylog-server
To access the Graylog web interface, visit the following URL in your web browser.
http://IP-Address:9000
Welcome to the Graylog Login Page
Login into Graylog:
Login credentials
Username: admin
Password: graylog@12345
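The admin password above is published with the image, so the first task after logging in is to check for it and replace it. The script below is an added example, not part of the vendor's instructions; it assumes the image keeps the admin hash as root_password_sha2 in /etc/graylog/server/server.conf (the stock Graylog package layout), and the 16-character minimum is an example policy.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumption: the admin hash lives in
# root_password_sha2 inside /etc/graylog/server/server.conf (stock layout);
# pass a different path if this image stores its config elsewhere.
DEFAULT_PASSWORD='graylog@12345'   # default published on this page

command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# SHA-256 hex digest in the form Graylog expects for root_password_sha2.
graylog_hash() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds (exit 0) if the config still carries the published default password.
uses_default_password() {
    current=$(sed -n 's/^root_password_sha2[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    [ "$current" = "$(graylog_hash "$DEFAULT_PASSWORD")" ]
}

# Write a new hash into the config, replacing the old line or appending one.
set_root_password() {
    cfg=$1; new_password=$2
    # Example policy: at least 16 characters and not the published default.
    if [ "${#new_password}" -lt 16 ] || [ "$new_password" = "$DEFAULT_PASSWORD" ]; then
        echo "refusing: use a new password of at least 16 characters" >&2
        return 1
    fi
    new_hash=$(graylog_hash "$new_password")
    tmp=$(mktemp) || return 1
    if grep -q '^root_password_sha2' "$cfg"; then
        sed "s|^root_password_sha2.*|root_password_sha2 = $new_hash|" "$cfg" > "$tmp"
    else
        { cat "$cfg"; printf 'root_password_sha2 = %s\n' "$new_hash"; } > "$tmp"
    fi
    cat "$tmp" > "$cfg"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Run as root on the VM: ./rotate.sh /etc/graylog/server/server.conf
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    uses_default_password "$1" && echo "default admin password still active"
    printf 'New admin password: ' >&2; stty -echo; read -r pw; stty echo; echo >&2
    set_root_password "$1" "$pw" && systemctl restart graylog-server
fi
```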
Welcome to the Graylog Console
Services
Thank You!!!