---
@snap[north span]
## Graylog Application
@snapend
@snap[south span]

@snapend
---
- Graylog in general: Log Management For All. Built to open standards, Graylog's connectivity and interoperability seamlessly collects, enhances, stores, and analyzes log data.
- Graylog for DTPN Security: SIEM first of all, log management in advance
Graylog is available (https://graylog.sec.in.pan-net.eu/)
- SLACK & email notifications
- LDAP authentication
- Threat intelligence plugin
- Aggregation plugin
- GEO plugin
- Log enrichment
- KAFKA plugin
- customer systems should talk directly to Kafka (rsyslog, filebeat, fluentd, fluentbit, winlogbeat)
- we will provide you KAFKA topic & KAFKA brokers
- make their logs available via Streams & Dashboards
- parse logs (create extractors on inputs)
- create base Alerts
- create notifications (email, slack)
- custom extended parsing
- custom Alerts
- custom SLACK & mail notifications
- transfer widgets from draft dashboard
999.Playground
You can request features in the project graylog-feature-dev
- queries (Lucene syntax)
- quick values (stacked fields, statistics, geo mapping)
- widgets proposal in dashboard
999.Playground
- export result
- we are receiving log msgs from more than 800 sources
- we are processing about 150MIL log msgs/day = 100GB/day
- retention 11 days atm
- SLA for all log producers about 10K msgs/s
- we are interested in having security-related logs
- please don't send us DEBUG logs
- DATALAKE for events (by Adrian Jackson)
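
A Filebeat configuration sketch for the Kafka onboarding path and the "no DEBUG logs" request above. This is an added example, not part of the original deck: the broker addresses, port, topic, log path and the `source_system` field are placeholders or assumptions to be replaced with the values you are given.

```yaml
# Added example. Angle-bracket values are placeholders for the KAFKA topic
# and KAFKA brokers that are provided to you during onboarding.
filebeat.inputs:
  - type: filestream
    id: security-auth-log              # hypothetical input id
    paths:
      - /var/log/auth.log              # assumed path to a security-related log
    fields:
      source_system: example-app       # hypothetical label, useful for stream rules
    fields_under_root: true

processors:
  # Drop DEBUG lines on the producer so they never count against the
  # ingest volume or the retention window.
  - drop_event:
      when:
        regexp:
          message: '\bDEBUG\b'

output.kafka:
  hosts: ["<KAFKA_BROKER_1>:9092", "<KAFKA_BROKER_2>:9092"]  # port is an assumption
  topic: "<KAFKA_TOPIC>"
  required_acks: 1        # wait for the partition leader to acknowledge each batch
  compression: gzip
```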