Monthly Archive 10 March 2021

By Patrick

Post an event to Graylog via PowerShell

class GraylogMessage {
    # GELF 1.1 expects version, host and short_message; field names use underscores
    [string] $version = '1.1'
    [string] $host = [Environment]::MachineName
    [string] $short_message
    [string] $full_message
}

$Uri = 'http://192.168.1.119:12201/gelf'
$Headers = @{ 'Content-Type' = 'application/json' }
$Message = [GraylogMessage]::new()
$Message.short_message = 'Robocopy EMV VIX Pulse'
$Message.full_message = [IO.File]::ReadAllText('C:\logs\robocopylogs.txt')

# -UseBasicParsing removes the Internet Explorer dependency of Invoke-WebRequest in Windows PowerShell 5.1
Invoke-WebRequest -Uri $Uri -Method POST -Headers $Headers -Body (ConvertTo-Json $Message) -UseBasicParsing

Unfortunately, it still gets stuck at the Invoke-WebRequest line.

I’ll complete it when I get the answer…
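The GELF input only accepts a message that follows the GELF 1.1 layout, so a quick way to see why a post is refused is to check the payload before sending it. The following added example (not code from this post) builds a GELF message, reports the spec violations a practitioner most often hits (a missing version or host, a hyphen instead of the underscore in short_message, a field without the leading underscore, the reserved _id) and shows the NUL-terminated framing the GELF TCP input uses; the host name and job label are constructed sample values.

```python
import json
import time

# Field names fixed by the GELF 1.1 spec; version, host and short_message are mandatory,
# every other field must carry a leading underscore, and _id is reserved.
STANDARD = {"version", "host", "short_message", "full_message", "timestamp", "level",
            "facility", "line", "file"}  # the last three are deprecated but still accepted
MANDATORY = ("version", "host", "short_message")


def build_gelf(host, short_message, full_message=None, level=6, extra=None):
    """Return a GELF 1.1 message as a dict (constructed helper, not Graylog's own code)."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time(),  # seconds since the epoch, fractional part allowed
        "level": level,            # syslog severity: 4 = warning, 6 = informational
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for key, value in (extra or {}).items():
        msg["_" + key.lstrip("_")] = value  # additional fields always get the underscore
    return msg


def validate_gelf(msg):
    """List the spec violations in a message; an empty list means it is well formed."""
    problems = []
    for field in MANDATORY:
        if not msg.get(field):
            problems.append(f"missing mandatory field '{field}'")
    for key in msg:
        if key not in STANDARD and not key.startswith("_"):
            problems.append(f"field '{key}' is not a GELF field and lacks the '_' prefix")
    if "_id" in msg:
        problems.append("'_id' is reserved by Graylog and must not be sent")
    return problems


def frame_gelf_tcp(msg):
    """Serialize for a GELF TCP input: compact JSON followed by a single NUL delimiter."""
    body = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if b"\x00" in body:  # a NUL inside the payload would be read as the end of the frame
        raise ValueError("GELF TCP payload must not contain NUL bytes")
    return body + b"\x00"
```

Over HTTP the same JSON is posted without the trailing NUL, which is what the PowerShell snippet above does.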

By Patrick

Disk usage with Docker too high?

I find it more and more difficult to run my containers: after a few minutes, or as soon as I launch all or some of my containers, it is not happy:

I thought maybe there was a lack of memory, so I increased:

and then it felt better.

By Patrick

Graylog and the Windows Event Viewer

Well, now that I have a nice service that centralizes my logs, I might as well add the Windows Event Viewer to it:

Download and install this on servers that need to return their logs: https://nxlog.co/system/files/products/files/348/nxlog-ce-2.10.2150.msi

Add a little configuration in C:\Program Files (x86)\nxlog\conf\nxlog.conf:

<Extension gelf>
    Module      xm_gelf
</Extension>

<Input win>
    Module      im_msvistalog
    Query       <QueryList><Query Id="0"><Select Path="Application">*</Select></Query></QueryList>
    Exec        $Hostname = hostname();
</Input>

<Input in_sys>
    Module      im_msvistalog
    Query       <QueryList><Query Id="0"><Select Path="System">*</Select></Query></QueryList>
    Exec        $Hostname = hostname();
</Input>

<Output graylog>
    Module      om_tcp
    Host        192.168.1.119
    Port        12201
    OutputType  GELF_TCP
</Output>

<Route graylog_route>
    Path        win => graylog
</Route>

# second route gets its own name; two blocks called graylog_route would clash
<Route graylog_route_sys>
    Path        in_sys => graylog
</Route>

At first it gave me an error message: "WARNING Due to a limitation in the Windows EventLog subsystem, a query cannot contain more than 256 sources." That's why I had to add the

<QueryList><Query id="0"><Select path="Application">*</Select></Query></QueryList>

(thanks to https://nxlog.co/question/4644/nxlog-service-keep-stopping-every-few-days)

By Patrick

Graylog in Docker and C#

Today I recreated a Docker container with Graylog:

docker run --name mongo -d mongo:4.2

docker run --name elasticsearch -e "http.host=0.0.0.0" -e "discovery.type=single-node" -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" -d docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2

docker run --name graylog4 --link mongo --link elasticsearch -p 9000:9000 -p 12201:12201 -p 1514:1514 -e GRAYLOG_HTTP_EXTERNAL_URI="http://192.168.1.119:9000/" -d graylog/graylog:4.0

I added an input:

Then I created a C# app with Visual Studio and added a few NuGet packages:

A little bit of code:

// requires the Serilog, Serilog.Settings.Configuration and
// Microsoft.Extensions.Configuration.Json NuGet packages
using Serilog;
using Serilog.Core;

private void button3_Click(object sender, EventArgs e)
{
    var configuration = new Microsoft.Extensions.Configuration.ConfigurationBuilder()
        .AddJsonFile("appsettings.json")
        .Build();
    // the sinks (here the Graylog one) are read from appsettings.json
    Logger logger = new Serilog.LoggerConfiguration()
        .ReadFrom.Configuration(configuration)
        .CreateLogger();

    // endless loop on purpose, to flood Graylog with test messages
    while (true)
    {
        var line = "cuckoo";

        // Serilog message templates take named placeholders, not string concatenation
        logger.Warning("some warning: {Test}", line);
        logger.Information("some warning: {Test}", line);
    }
}

And lo and behold, my first messages show up in Graylog:

Not forgetting the appsettings.json file: