articles/network-watcher/network-watcher-analyze-nsg-flow-logs-graylog.md
Lines changed: 8 additions & 8 deletions
@@ -40,7 +40,7 @@ In this example, both Graylog and Logstash are configured on an Ubuntu Server, d
40
40
- Refer to the [documentation](https://go2docs.graylog.org/5-0/downloading_and_installing_graylog/ubuntu_installation.html) from Graylog, for step by step instructions on how install onto Ubuntu.
41
41
- Make sure to also configure the Graylog web interface by following the [documentation](https://archivedocs.graylog.org/en/3.2/pages/configuration/web_interface.html).
42
42
43
-
This example uses the minimum Graylog setup (i.e a single instance of a Graylog), but Graylog can be architected to scale across resources depending on your system and production needs. For more information on architectural considerations or a deep architectural guide, see Graylog's [documentation](https://archivedocs.graylog.org/en/3.2/pages/architecture.html) and [architectural guide](https://www.slideshare.net/Graylog/graylog-engineering-design-your-architecture).
43
+
This example uses the minimum Graylog setup (i.e. a single instance of a Graylog), but Graylog can be architected to scale across resources depending on your system and production needs. For more information on architectural considerations or a deep architectural guide, see Graylog's [documentation](https://archivedocs.graylog.org/en/3.2/pages/architecture.html) and [architectural guide](https://www.slideshare.net/Graylog/graylog-engineering-design-your-architecture).
44
44
45
45
Graylog can be installed in many ways, depending on your platform and preferences. For a full list of possible installation methods, refer to Graylog's official
46
46
[documentation](https://archivedocs.graylog.org/en/3.2/pages/sidecar.html#installation). The Graylog server application runs on Linux distributions and has the following
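Review bot: The changed sentence fixes "i.e" but still reads "a single instance of a Graylog"; drop the stray article so it reads "a single Graylog instance", and follow "i.e." with a comma. The unchanged first bullet in this hunk also has "how install onto Ubuntu", which is missing "to". The hunk links to the Graylog 5.0 docs for installation but to the 3.2 archive docs for the web interface, architecture and installation methods, so it is worth pointing them at one version while this paragraph is being touched.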
@@ -146,7 +146,7 @@ The following instructions are used to install Logstash in Ubuntu. For instructi
146
146
}
147
147
```
148
148
149
-
The Logstash config file provided is composed of three parts: the input, filter, and output. The input section designates the input source of the logs that Logstash will process - in this case, you are going to use an Azure blog input plugin (installed in the next steps) that allows us to access the network security group flow log JSON files stored in blob storage.
149
+
The Logstash config file provided is composed of three parts: the input, filter, and output. The input section designates the input source of the logs that Logstash will process - in this case, you're going to use an Azure blog input plugin (installed in the next steps) that allows us to access the network security group flow log JSON files stored in blob storage.
150
150
151
151
The filter section then flattens each flow log file so that each individual flow tuple and its associated properties becomes a separate Logstash event.
152
152
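Review bot: The rewritten line still says "Azure blog input plugin"; the same sentence says the flow log JSON files are stored in blob storage, so this should be "Azure blob input plugin". The sentence also switches from "you're going to use" to "allows us to access"; keep it in second person ("allows you to access").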
@@ -175,7 +175,7 @@ Now that you have established a connection to the flow logs using Logstash and s
175
175
1. Navigate to your Graylog Server web interface using the URL you configured for it. You can access the interface by directing your browser to
176
176
`http://<graylog-server-ip>:9000/`
177
177
178
-
2. To navigate to the configuration page, select the **System** drop-down menu in the top navigation bar to the right, and then click**Inputs**.
178
+
2. To navigate to the configuration page, select the **System** drop-down menu in the top navigation bar to the right, and then select**Inputs**.
179
179
Alternatively, navigate to `http://<graylog-server-ip>:9000/system/inputs`
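Review bot: In step 2 the new text reads "and then select**Inputs**" with no space before the bold marker, a defect carried over from the old "click**Inputs**"; add the space so the emphasis renders correctly. Separately, both URLs in this hunk use `http://<graylog-server-ip>:9000/`, so a reader following the steps reaches the Graylog web interface, including the inputs configuration page, over unencrypted HTTP; consider a short note pointing to the TLS configuration for the web interface.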
@@ -196,13 +196,13 @@ Now that you have established a connection to the flow logs using Logstash and s
196
196
197
197
### Search through Graylog messages
198
198
199
-
After allowing some time for your Graylog server to collect messages, you are able to search through the messages. To check the messages being sent to your Graylog server, from the **Inputs** configuration page click the "**Show received messages**" button of the GELF UDP input you created. You are directed to a screen that looks similar to the following picture:
199
+
After allowing some time for your Graylog server to collect messages, you're able to search through the messages. To check the messages being sent to your Graylog server, from the **Inputs** configuration page select the "**Show received messages**" button of the GELF UDP input you created. You're directed to a screen that looks similar to the following picture:
200
200
201
201

202
202
203
203
Select the blue **%{Message}** link to expand the message to show the parameters of the flow tuple.
204
204
205
-
By default, all message fields are included in the search if you don't select a specific message field to search for. If you want to search for specific messages (i.e - flow tuples from a specific source IP) you can use the Graylog search query language as [documented](https://archivedocs.graylog.org/en/3.2/pages/queries.html)
205
+
By default, all message fields are included in the search if you don't select a specific message field to search for. If you want to search for specific messages (i.e. - flow tuples from a specific source IP) you can use the Graylog search query language as [documented](https://archivedocs.graylog.org/en/3.2/pages/queries.html)
206
206
207
207
## Analyze network security group flow logs using Graylog
208
208
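Review bot: In the last changed line, "(i.e. - flow tuples from a specific source IP)" introduces an example rather than a restatement, so "for example," fits better than "i.e.", and the stray hyphen should go. The sentence also ends at the "[documented](...)" link with no closing period.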
@@ -212,22 +212,22 @@ Now that Graylog it set up running, you can use some of its functionality to bet
212
212
213
213
1. In the top navigation bar, select **Dashboards** or navigate to `http://<graylog-server-ip>:9000/dashboards/`
214
214
215
-
2. From there, click the green **Create dashboard** button and fill out the short form with the title and description of your dashboard. Hit the
215
+
2. From there, select the green **Create dashboard** button and fill out the short form with the title and description of your dashboard. Hit the
216
216
**Save** button to create the new dashboard. You see a dashboard similar to the following picture:
217
217
218
218

219
219
220
220
### Add widgets
221
221
222
-
You can click the title of the dashboard to see it, but right now it's empty, since we haven't added any widgets. An easy and useful type widget to add to
222
+
You can select the title of the dashboard to see it, but right now it's empty, since we haven't added any widgets. An easy and useful type widget to add to
223
223
the dashboard are **Quick Values** charts, which display a list of values of the selected field, and their distribution.
224
224
225
225
1. Navigate back to the search results of the UDP input that's receiving flow logs by selecting **Search** from the top navigation bar.
226
226
227
227
2. Under the **Search result** panel to the left side of the screen, find the **Fields** tab, which lists the various fields of each incoming flow tuple
228
228
message.
229
229
230
-
3. Select any desired parameter in which to visualize (in this example, the IP source is selected). To show the list of possible widgets, click the blue drop-down arrow to the left of the field, then select **Quick values** to generate the widget. You should see something similar to the following picture:
230
+
3. Select any desired parameter in which to visualize (in this example, the IP source is selected). To show the list of possible widgets, select the blue drop-down arrow to the left of the field, then select **Quick values** to generate the widget. You should see something similar to the following picture:
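Review bot: Step 2 now says "select the green **Create dashboard** button" but the same sentence still ends with "Hit the **Save** button"; change it to "Select" so the wording this commit standardizes is consistent. In the "Add widgets" paragraph, "An easy and useful type widget to add to the dashboard are **Quick Values** charts" is missing "of" and has a subject-verb mismatch, and step 3's "Select any desired parameter in which to visualize" would read better as "Select the parameter you want to visualize".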