Welcome back! Today, I’ll be discussing one of my favorite homelab projects: Graylog.
Graylog is a log management platform that is free for personal use; at its simplest it is a syslog aggregator. What does that mean? Well, we’ll start with syslog. Syslog is the standard format and protocol that Unix-like operating systems use to record what is happening on the system; on most Linux distributions these messages land in /var/log/syslog. Windows, on both server and desktop editions, keeps the equivalent record in the Windows Event Log, which is not syslog but serves the same purpose and can be shipped to a collector like Graylog with a forwarding agent such as Graylog Sidecar. These logs come in handy when troubleshooting issues or when you need to check a specific time frame to see what a system was doing. But reading them requires logging into each system individually; if an issue affects multiple systems, you have to check each one and correlate time frames by hand to troubleshoot. Enter Graylog.
Graylog gives us a single place to receive logs from every system across one or more networks. In the case of my homelab, I run about 25 virtual machines of Windows and Linux varieties. Trying to nail down an issue across multiple servers can be a bit of a pain, but with Graylog I can see everything in one spot. But that’s just scratching the surface.
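To make the two ideas above concrete (what a syslog message actually contains, and why correlating time frames across hosts is the painful part), here is a small parser for both syslog wire formats (RFC 5424 and the older RFC 3164/BSD form) that pulls out everything every host logged around a given moment. This is an added example written for this post, not Graylog's own code; the three hosts, the outage and the log lines are constructed, and the RFC 3164 branch assumes the sender logs in UTC and in the year you pass in, since that format carries neither.

```python
"""Parse syslog lines (RFC 5424 and RFC 3164/BSD) and list what every host
logged around a given moment.  Added example, not Graylog code; the sample
lines below are constructed, not captured from a real system."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Severity is the low 3 bits of <PRI>, facility the remaining high bits.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG   (RFC 5424)
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)$"
)
# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG   (RFC 3164: no year, no timezone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)(?:\[(?P<procid>\d+)\])?: ?(?P<msg>.*)$"
)


@dataclass
class Event:
    ts: datetime
    host: str
    app: str
    facility: int
    severity: str
    msg: str


def parse_line(line, year=2024):
    """Return an Event for one syslog line, or None if it matches neither form.
    `year` is only used for RFC 3164 lines, which carry no year (assumption)."""
    m = RFC5424.match(line)
    if m:
        # datetime.fromisoformat() on older Pythons rejects a trailing "Z"
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            return None
        # Collapse the double space RFC 3164 uses for single-digit days ("May  3")
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)  # assume the sender logged in UTC
    pri = int(m["pri"])
    return Event(ts, m["host"], m["app"], pri >> 3, SEVERITY[pri & 7], m["msg"])


def events_near(events, center, window=timedelta(seconds=30)):
    """Every event from every host within +/- window of center, oldest first."""
    return sorted((e for e in events if abs(e.ts - center) <= window), key=lambda e: e.ts)


# Constructed sample: three hosts, mixed formats, one outage window, one junk line
SAMPLE = [
    "<34>1 2024-05-03T10:15:02Z db01 postgres 1201 - - FATAL: could not open file base/16384/2619: No space left on device",
    "<13>May  3 10:15:04 web01 nginx[812]: upstream timed out (110: Connection timed out) while connecting to upstream",
    "<11>1 2024-05-03T10:15:05Z app01 api 4410 - - database connection lost, retrying",
    "<30>1 2024-05-03T11:00:00Z web01 cron 900 - - (root) CMD (logrotate)",
    "this line is not syslog at all",
]


def correlate(lines=SAMPLE, center=datetime(2024, 5, 3, 10, 15, 3, tzinfo=timezone.utc)):
    """What did every host log around `center`?  Junk lines are skipped."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    return events_near(events, center)


if __name__ == "__main__":
    for e in correlate():
        print(f"{e.ts.isoformat()} {e.host:<6} {e.app:<9} {e.severity:<7} {e.msg}")
```

Run against the sample, the three lines around 10:15 come back in time order with the full-disk error on db01 first, which is exactly the cross-host view Graylog gives you without having to ssh into db01, web01 and app01 in turn; the unrelated cron line an hour later and the non-syslog junk are dropped.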