Graylog Server Configuration

Graylog includes many configuration options in multiple configuration files that you can adjust to fine-tune performance, improve security of your installation, and many other customizations to suit your environment. For information about the files and types of configuration options, see Configuration Settings.

This article describes how to format Graylog configuration files and the process to follow for editing or updating configuration properties.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

  • You must have access to a user account on the Graylog server with elevated privileges allowing you to access and modify the configuration file.

  • Strong knowledge of your Graylog environment and installation architecture is recommended.

Update Configuration Properties

The file server.conf is the Graylog configuration file and its default location is: /etc/graylog/server/server.conf. The file datanode.conf is the Data Node configuration file and its default location is: /etc/graylog/datanode/datanode.conf. These files are typically edited through the command line but can be edited in any text editor, given the correct permissions.

The formatting information in this section applies to both files.

Hint: The configuration files use ISO 8859-1/Latin-1 character encoding. Characters that cannot be directly represented in this encoding can be written using Unicode escapes as defined in Java SE Specifications, using the u prefix. For example, u002c.

Formatting for properties in these files use the following conventions:

  • Entries are generally expected to be a single line in one of the following forms:

    • propertyName=propertyValue

    • propertyName:propertyValue

  • White space that appears between the property name and property value is ignored, so the following are equivalent:

    • name=Stephen

    • name = Stephen

    White space at the beginning of the line is also ignored.

  • Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.

  • The property value is generally terminated by the end of the line. White space following the property value is not ignored, and is treated as part of the property value.

  • A property value can span multiple lines if each line is terminated by a backslash (\) character. For example:

    targetCities=\

        Detroit,\

        Chicago,\

        Los Angeles

    The example above is equivalent to targetCities=Detroit,Chicago,Los Angeles. White space at the beginning of lines is ignored.

  • The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.

  • The backslash character must be escaped as a double backslash. For example:

    path=c:\\docs\\doc1

Update Configuration Files

The common way to update configuration files is by using the command line. You have many options for command-line tools to choose, and each might use slightly different commands or syntax to achieve the same results. Therefore, you might need to adjust the examples we provide to account for differences in your chosen tool.

Regardless of tool, the basic process is the same:

  1. Open the configuration file with appropriate (elevated) permissions.

  2. Find the property you need to update, and then add or update the value.

  3. Save the file to overwrite the previous version.

  4. Restart the server to pick up the change.

Set is_leader for Replica Nodes Example

As an example of using the command line to update a configuration property, use the following code to set the is_leader property for each of your follower or replica nodes. Remember that your primary node has this property set to true, but all other nodes must be set to false.

  1. Open the server.conf file with the following command:

    Copy 
    sudo nano /etc/graylog/server/server.conf

    If prompted, enter your administrator password.

  2. Scroll until you find the is_leader property. By default, this property is set to true. For all replica nodes, change the setting to false:

    Copy 
    is_leader = false

  3. Save and exit the server.conf file. For example, on some consoles, you can select Ctrl + X to exit the file, enter Y to save the file and overwrite the previous version, and then enter again to save the file with the same name.

  4. Restart the Graylog service with the following command:

    Copy 
    sudo systemctl restart graylog-server.service

Edit Configuration Settings in the Web Interface

After you set up the Graylog web interface, you can adjust some additional configurable system settings on the System Configurations page. Navigate to SystemConfigurations to access this menu.

Note that this page is divided into category tabs along the left. When you select a category, the page displays current applicable settings.

Click Edit configuration to launch the edit window for the given category, where you can add or update the available settings.

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: