Skip to main content

Graylog

Overview​

Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data.

The Centreon Monitoring Connector Graylog aims to collect the number of system notifications per severity and the number of query matches for specific queries by requesting the dedicated built-in RestAPI.

Monitoring Connector assets​

Monitored objects​

  • Lucene queries
  • System notifications

Monitored metrics​

Metric nameDescriptionUnit
graylog.query.match.countNumber of query matchesCount

Prerequisites​

A service account has to be created on the Graylog server: the "Reader" role is sufficient to access system notifications but an admin account is needed to perform the Lucene queries on the Graylog server.

More information on the official Graylog site: https://go2docs.graylog.org/5-1/setting_up_graylog/rest_api.html.

Installation​

  1. Install the Centreon package on every poller expected to monitor a Graylog server:
yum install centreon-plugin-Applications-Graylog-Restapi
  1. On the Centreon Web interface, install the Centreon Monitoring Connector Graylog from the Configuration > Monitoring Connector Manager page

Configuration​

  • Log into Centreon and add a new Host through "Configuration > Hosts".
  • Apply the App-Graylog-Restapi-custom template and configure all the mandatory Macros :
MandatoryNameDescription
XUSERNAMEUsername for authentication
XPASSWORDPassword for authentication
PROTOCOLProtocol (default: 'http')
PORTAPI port (default: '9000)
EXTRAOPTIONSAny extra option you may want to add to the command (eg. a --verbose flag or any header)

Once the Host created, you can configure some Macros on the Services to filter information:

MandatoryNameDescription
FILTERNODEFilter by notification severity
FILTERSEVERITYFilter by node

FAQ​

How can I test the Plugin in the CLI and what do the main parameters stand for ?​

Once the Centreon Plugin installed, you can test it directly in the CLI of the Centreon poller by logging with the centreon-engine user:

/usr/lib/centreon/plugins//centreon_graylog_restapi.pl \
--plugin=apps::graylog::restapi::plugin \
--mode=query \
--hostname=10.0.0.1 \
--username='username' \
--password='password' \
--query='centreon'

Expected output:

OK: current queue messages : 10 | 'graylog.query.match.count'=10;;;0;

The available thresholds as well as all of the options that can be used with this Plugin can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins//centreon_graylog_restapi.pl \
--plugin=apps::graylog::restapi::plugin \
--mode=query \
--query='centreon'
--help

You can display all of the modes that come with the Plugin with the command below:

/usr/lib/centreon/plugins//centreon_graylog_restapi.pl \
--plugin=apps::graylog::restapi::plugin \
--list-mode

Why do I get the following error:​

UNKNOWN: 403 Forbidden ?​

The account provided does not have sufficient permissions to perfom the required actions through the API.

UNKNOWN: 500 Can't connect to ...:443​

This error message means that the Centreon Plugin couldn't successfully connect to the Graylog RestAPI. Check that no third party device (such as a firewall) is blocking the request. A proxy connection may also be necessary to connect to the API. This can be done by using the --proxyurl option in the command.

UNKNOWN: 501 Protocol scheme 'connect' is not supported |​

When using a proxy to connect to the Graylog RestAPI, this error message means that the Centreon Plugin library does not support the proxy connection protocol.

In order to prevent this issue, use the curl HTTP backend by adding the following option to the command: --http-backend='curl'.