Removed
Link Here
|
1 |
############################ |
2 |
# GRAYLOG CONFIGURATION FILE |
3 |
############################ |
4 |
# |
5 |
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding. |
6 |
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes |
7 |
# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix. |
8 |
# For example, \u002c. |
9 |
# |
10 |
# * Entries are generally expected to be a single line of the form, one of the following: |
11 |
# |
12 |
# propertyName=propertyValue |
13 |
# propertyName:propertyValue |
14 |
# |
15 |
# * White space that appears between the property name and property value is ignored, |
16 |
# so the following are equivalent: |
17 |
# |
18 |
# name=Stephen |
19 |
# name = Stephen |
20 |
# |
21 |
# * White space at the beginning of the line is also ignored. |
22 |
# |
23 |
# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored. |
24 |
# |
25 |
# * The property value is generally terminated by the end of the line. White space following the |
26 |
# property value is not ignored, and is treated as part of the property value. |
27 |
# |
28 |
# * A property value can span several lines if each line is terminated by a backslash (‘\’) character. |
29 |
# For example: |
30 |
# |
31 |
# targetCities=\ |
32 |
# Detroit,\ |
33 |
# Chicago,\ |
34 |
# Los Angeles |
35 |
# |
36 |
# This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored). |
37 |
# |
38 |
# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively. |
39 |
# |
40 |
# * The backslash character must be escaped as a double backslash. For example: |
41 |
# |
42 |
# path=c:\\docs\\doc1 |
43 |
# |
44 |
|
45 |
# If you are running more than one instances of Graylog server you have to select one of these |
46 |
# instances as master. The master will perform some periodical tasks that non-masters won't perform. |
47 |
is_master = true |
48 |
|
49 |
# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea |
50 |
# to use an absolute file path here if you are starting Graylog server from init scripts or similar. |
51 |
node_id_file = %%GRAYLOG_DATA_DIR%%/node-id |
52 |
|
53 |
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. |
54 |
# Generate one by using for example: pwgen -N 1 -s 96 |
55 |
password_secret = |
56 |
|
57 |
# The default root user is named 'admin' |
58 |
#root_username = admin |
59 |
|
60 |
# You MUST specify a hash password for the root user (which you only need to initially set up the |
61 |
# system and in case you lose connectivity to your authentication backend) |
62 |
# This password cannot be changed using the API or via the web interface. If you need to change it, |
63 |
# modify it in this file. |
64 |
# Create one by using for example: echo -n yourpassword | shasum -a 256 |
65 |
# and put the resulting hash value into the following line |
66 |
root_password_sha2 = |
67 |
|
68 |
# The email address of the root user. |
69 |
# Default is empty |
70 |
#root_email = "" |
71 |
|
72 |
# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones. |
73 |
# Default is UTC |
74 |
#root_timezone = UTC |
75 |
|
76 |
# Set plugin directory here (relative or absolute) |
77 |
plugin_dir = %%DATADIR%%/plugin |
78 |
|
79 |
# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster. |
80 |
# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors. |
81 |
rest_listen_uri = http://127.0.0.1:9000/api/ |
82 |
|
83 |
# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri |
84 |
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. |
85 |
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on |
86 |
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri) |
87 |
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting |
88 |
# the scheme, host name or URI. |
89 |
# This must not contain a wildcard address (0.0.0.0). |
90 |
#rest_transport_uri = http://192.168.1.1:9000/api/ |
91 |
|
92 |
# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly. |
93 |
# If these are disabled, modern browsers will not be able to retrieve resources from the server. |
94 |
# This is enabled by default. Uncomment the next line to disable it. |
95 |
#rest_enable_cors = false |
96 |
|
97 |
# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce |
98 |
# overall round trip times. This is enabled by default. Uncomment the next line to disable it. |
99 |
#rest_enable_gzip = false |
100 |
|
101 |
# Enable HTTPS support for the REST API. This secures the communication with the REST API with |
102 |
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the |
103 |
# next line to enable it. |
104 |
#rest_enable_tls = true |
105 |
|
106 |
# The X.509 certificate chain file in PEM format to use for securing the REST API. |
107 |
#rest_tls_cert_file = /path/to/graylog.crt |
108 |
|
109 |
# The PKCS#8 private key file in PEM format to use for securing the REST API. |
110 |
#rest_tls_key_file = /path/to/graylog.key |
111 |
|
112 |
# The password to unlock the private key used for securing the REST API. |
113 |
#rest_tls_key_password = secret |
114 |
|
115 |
# The maximum size of the HTTP request headers in bytes. |
116 |
#rest_max_header_size = 8192 |
117 |
|
118 |
# The size of the thread pool used exclusively for serving the REST API. |
119 |
#rest_thread_pool_size = 16 |
120 |
|
121 |
# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For |
122 |
# header. May be subnets, or hosts. |
123 |
#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128 |
124 |
|
125 |
# Enable the embedded Graylog web interface. |
126 |
# Default: true |
127 |
#web_enable = false |
128 |
|
129 |
# Web interface listen URI. |
130 |
# Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement |
131 |
# for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface. |
132 |
#web_listen_uri = http://127.0.0.1:9000/ |
133 |
|
134 |
# Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header. |
135 |
# Default: $rest_transport_uri |
136 |
#web_endpoint_uri = |
137 |
|
138 |
# Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly. |
139 |
# If these are disabled, modern browsers will not be able to retrieve resources from the server. |
140 |
#web_enable_cors = false |
141 |
|
142 |
# Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce |
143 |
# overall round trip times. This is enabled by default. Uncomment the next line to disable it. |
144 |
#web_enable_gzip = false |
145 |
|
146 |
# Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface |
147 |
# using TLS to prevent request forgery and eavesdropping. |
148 |
# This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings. |
149 |
#web_enable_tls = true |
150 |
|
151 |
# The X.509 certificate chain file in PEM format to use for securing the web interface. |
152 |
#web_tls_cert_file = /path/to/graylog-web.crt |
153 |
|
154 |
# The PKCS#8 private key file in PEM format to use for securing the web interface. |
155 |
#web_tls_key_file = /path/to/graylog-web.key |
156 |
|
157 |
# The password to unlock the private key used for securing the web interface. |
158 |
#web_tls_key_password = secret |
159 |
|
160 |
# The maximum size of the HTTP request headers in bytes. |
161 |
#web_max_header_size = 8192 |
162 |
|
163 |
# The size of the thread pool used exclusively for serving the web interface. |
164 |
#web_thread_pool_size = 16 |
165 |
|
166 |
# List of Elasticsearch hosts Graylog should connect to. |
167 |
# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes. |
168 |
# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that |
169 |
# requires authentication. |
170 |
# |
171 |
# Default: http://127.0.0.1:9200 |
172 |
#elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200 |
173 |
|
174 |
# Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port. |
175 |
# |
176 |
# Default: 10 Seconds |
177 |
#elasticsearch_connect_timeout = 10s |
178 |
|
179 |
# Maximum amount of time to wait for reading back a response from an Elasticsearch server. |
180 |
# |
181 |
# Default: 60 seconds |
182 |
#elasticsearch_socket_timeout = 60s |
183 |
|
184 |
# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will |
185 |
# be tore down. |
186 |
# |
187 |
# Default: inf |
188 |
#elasticsearch_idle_timeout = -1s |
189 |
|
190 |
# Maximum number of total connections to Elasticsearch. |
191 |
# |
192 |
# Default: 20 |
193 |
#elasticsearch_max_total_connections = 20 |
194 |
|
195 |
# Maximum number of total connections per Elasticsearch route (normally this means per |
196 |
# elasticsearch server). |
197 |
# |
198 |
# Default: 2 |
199 |
#elasticsearch_max_total_connections_per_route = 2 |
200 |
|
201 |
# Maximum number of times Graylog will retry failed requests to Elasticsearch. |
202 |
# |
203 |
# Default: 2 |
204 |
#elasticsearch_max_retries = 2 |
205 |
|
206 |
# Enable automatic Elasticsearch node discovery through Nodes Info, |
207 |
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html |
208 |
# |
209 |
# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield. |
210 |
# |
211 |
# Default: false |
212 |
#elasticsearch_discovery_enabled = true |
213 |
|
214 |
# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes, |
215 |
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes |
216 |
# |
217 |
# Default: empty |
218 |
#elasticsearch_discovery_filter = rack:42 |
219 |
|
220 |
# Frequency of the Elasticsearch node discovery. |
221 |
# |
222 |
# Default: 30s |
223 |
# elasticsearch_discovery_frequency = 30s |
224 |
|
225 |
# Enable payload compression for Elasticsearch requests. |
226 |
# |
227 |
# Default: false |
228 |
#elasticsearch_compression_enabled = true |
229 |
|
230 |
# Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine |
231 |
# when to rotate the currently active write index. |
232 |
# It supports multiple rotation strategies: |
233 |
# - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure |
234 |
# - "size" per index, use elasticsearch_max_size_per_index below to configure |
235 |
# valid values are "count", "size" and "time", default is "count" |
236 |
# |
237 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
238 |
# to your previous 1.x settings so they will be migrated to the database! |
239 |
rotation_strategy = count |
240 |
|
241 |
# (Approximate) maximum number of documents in an Elasticsearch index before a new index |
242 |
# is being created, also see no_retention and elasticsearch_max_number_of_indices. |
243 |
# Configure this if you used 'rotation_strategy = count' above. |
244 |
# |
245 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
246 |
# to your previous 1.x settings so they will be migrated to the database! |
247 |
elasticsearch_max_docs_per_index = 20000000 |
248 |
|
249 |
# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see |
250 |
# no_retention and elasticsearch_max_number_of_indices. Default is 1GB. |
251 |
# Configure this if you used 'rotation_strategy = size' above. |
252 |
# |
253 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
254 |
# to your previous 1.x settings so they will be migrated to the database! |
255 |
#elasticsearch_max_size_per_index = 1073741824 |
256 |
|
257 |
# (Approximate) maximum time before a new Elasticsearch index is being created, also see |
258 |
# no_retention and elasticsearch_max_number_of_indices. Default is 1 day. |
259 |
# Configure this if you used 'rotation_strategy = time' above. |
260 |
# Please note that this rotation period does not look at the time specified in the received messages, but is |
261 |
# using the real clock value to decide when to rotate the index! |
262 |
# Specify the time using a duration and a suffix indicating which unit you want: |
263 |
# 1w = 1 week |
264 |
# 1d = 1 day |
265 |
# 12h = 12 hours |
266 |
# Permitted suffixes are: d for day, h for hour, m for minute, s for second. |
267 |
# |
268 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
269 |
# to your previous 1.x settings so they will be migrated to the database! |
270 |
#elasticsearch_max_time_per_index = 1d |
271 |
|
272 |
# Disable checking the version of Elasticsearch for being compatible with this Graylog release. |
273 |
# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss! |
274 |
#elasticsearch_disable_version_check = true |
275 |
|
276 |
# Disable message retention on this node, i. e. disable Elasticsearch index rotation. |
277 |
#no_retention = false |
278 |
|
279 |
# How many indices do you want to keep? |
280 |
# |
281 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
282 |
# to your previous 1.x settings so they will be migrated to the database! |
283 |
elasticsearch_max_number_of_indices = 20 |
284 |
|
285 |
# Decide what happens with the oldest indices when the maximum number of indices is reached. |
286 |
# The following strategies are availble: |
287 |
# - delete # Deletes the index completely (Default) |
288 |
# - close # Closes the index and hides it from the system. Can be re-opened later. |
289 |
# |
290 |
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these |
291 |
# to your previous 1.x settings so they will be migrated to the database! |
292 |
retention_strategy = delete |
293 |
|
294 |
# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices. |
295 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
296 |
# to your previous settings so they will be migrated to the database! |
297 |
elasticsearch_shards = 4 |
298 |
elasticsearch_replicas = 0 |
299 |
|
300 |
# Prefix for all Elasticsearch indices and index aliases managed by Graylog. |
301 |
# |
302 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
303 |
# to your previous settings so they will be migrated to the database! |
304 |
elasticsearch_index_prefix = graylog |
305 |
|
306 |
# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping. |
307 |
# Default: graylog-internal |
308 |
# |
309 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
310 |
# to your previous settings so they will be migrated to the database! |
311 |
#elasticsearch_template_name = graylog-internal |
312 |
|
313 |
# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only |
314 |
# be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html |
315 |
allow_leading_wildcard_searches = false |
316 |
|
317 |
# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and |
318 |
# should only be enabled after making sure your Elasticsearch cluster has enough memory. |
319 |
allow_highlighting = false |
320 |
|
321 |
# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea. |
322 |
# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom |
323 |
# Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html |
324 |
# Note that this setting only takes effect on newly created indices. |
325 |
# |
326 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
327 |
# to your previous settings so they will be migrated to the database! |
328 |
elasticsearch_analyzer = standard |
329 |
|
330 |
# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range |
331 |
# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations. |
332 |
# Default: 1m |
333 |
#elasticsearch_request_timeout = 1m |
334 |
|
335 |
# Global timeout for index optimization (force merge) requests. |
336 |
# Default: 1h |
337 |
#elasticsearch_index_optimization_timeout = 1h |
338 |
|
339 |
# Maximum number of concurrently running index optimization (force merge) jobs. |
340 |
# If you are using lots of different index sets, you might want to increase that number. |
341 |
# Default: 20 |
342 |
#elasticsearch_index_optimization_jobs = 20 |
343 |
|
344 |
# Time interval for index range information cleanups. This setting defines how often stale index range information |
345 |
# is being purged from the database. |
346 |
# Default: 1h |
347 |
#index_ranges_cleanup_interval = 1h |
348 |
|
349 |
# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output |
350 |
# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been |
351 |
# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember |
352 |
# that every outputbuffer processor manages its own batch and performs its own batch write calls. |
353 |
# ("outputbuffer_processors" variable) |
354 |
output_batch_size = 500 |
355 |
|
356 |
# Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two |
357 |
# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages |
358 |
# for this time period is less than output_batch_size * outputbuffer_processors. |
359 |
output_flush_interval = 1 |
360 |
|
361 |
# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and |
362 |
# over again. To prevent this, the following configuration options define after how many faults an output will |
363 |
# not be tried again for an also configurable amount of seconds. |
364 |
output_fault_count_threshold = 5 |
365 |
output_fault_penalty_seconds = 30 |
366 |
|
367 |
# The number of parallel running processors. |
368 |
# Raise this number if your buffers are filling up. |
369 |
processbuffer_processors = 5 |
370 |
outputbuffer_processors = 3 |
371 |
|
372 |
# The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor. |
373 |
# See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details |
374 |
|
375 |
# When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size), |
376 |
# this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating. |
377 |
# Default: 5000 |
378 |
#outputbuffer_processor_keep_alive_time = 5000 |
379 |
|
380 |
# The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set |
381 |
# Default: 3 |
382 |
#outputbuffer_processor_threads_core_pool_size = 3 |
383 |
|
384 |
# The maximum number of threads to allow in the pool |
385 |
# Default: 30 |
386 |
#outputbuffer_processor_threads_max_pool_size = 30 |
387 |
|
388 |
# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput). |
389 |
#udp_recvbuffer_sizes = 1048576 |
390 |
|
391 |
# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping) |
392 |
# Possible types: |
393 |
# - yielding |
394 |
# Compromise between performance and CPU usage. |
395 |
# - sleeping |
396 |
# Compromise between performance and CPU usage. Latency spikes can occur after quiet periods. |
397 |
# - blocking |
398 |
# High throughput, low latency, higher CPU usage. |
399 |
# - busy_spinning |
400 |
# Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores. |
401 |
processor_wait_strategy = blocking |
402 |
|
403 |
# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore. |
404 |
# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache. |
405 |
# Must be a power of 2. (512, 1024, 2048, ...) |
406 |
ring_size = 65536 |
407 |
|
408 |
inputbuffer_ring_size = 65536 |
409 |
inputbuffer_processors = 2 |
410 |
inputbuffer_wait_strategy = blocking |
411 |
|
412 |
# Enable the disk based message journal. |
413 |
message_journal_enabled = true |
414 |
|
415 |
# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and |
416 |
# must not contain any other files than the ones created by Graylog itself. |
417 |
# |
418 |
# ATTENTION: |
419 |
# If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found' |
420 |
# in the root directory, you need to create a sub directory for your journal. |
421 |
# Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start. |
422 |
message_journal_dir = %%GRAYLOG_DATA_DIR%%/journal |
423 |
|
424 |
# Journal hold messages before they could be written to Elasticsearch. |
425 |
# For a maximum of 12 hours or 5 GB whichever happens first. |
426 |
# During normal operation the journal will be smaller. |
427 |
#message_journal_max_age = 12h |
428 |
#message_journal_max_size = 5gb |
429 |
|
430 |
#message_journal_flush_age = 1m |
431 |
#message_journal_flush_interval = 1000000 |
432 |
#message_journal_segment_age = 1h |
433 |
#message_journal_segment_size = 100mb |
434 |
|
435 |
# Number of threads used exclusively for dispatching internal events. Default is 2. |
436 |
#async_eventbus_processors = 2 |
437 |
|
438 |
# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual |
439 |
# shutdown process. Set to 0 if you have no status checking load balancers in front. |
440 |
lb_recognition_period_seconds = 3 |
441 |
|
442 |
# Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is |
443 |
# disabled if not set. |
444 |
#lb_throttle_threshold_percentage = 95 |
445 |
|
446 |
# Every message is matched against the configured streams and it can happen that a stream contains rules which |
447 |
# take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking. |
448 |
# This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other |
449 |
# streams, Graylog limits the execution time for each stream. |
450 |
# The default values are noted below, the timeout is in milliseconds. |
451 |
# If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times |
452 |
# that stream is disabled and a notification is shown in the web interface. |
453 |
#stream_processing_timeout = 2000 |
454 |
#stream_processing_max_faults = 3 |
455 |
|
456 |
# Length of the interval in seconds in which the alert conditions for all streams should be checked |
457 |
# and alarms are being sent. |
458 |
#alert_check_interval = 60 |
459 |
|
460 |
# Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple |
461 |
# outputs. The next setting defines the timeout for a single output module, including the default output module where all |
462 |
# messages end up. |
463 |
# |
464 |
# Time in milliseconds to wait for all message outputs to finish writing a single message. |
465 |
#output_module_timeout = 10000 |
466 |
|
467 |
# Time in milliseconds after which a detected stale master node is being rechecked on startup. |
468 |
#stale_master_timeout = 2000 |
469 |
|
470 |
# Time in milliseconds which Graylog is waiting for all threads to stop on shutdown. |
471 |
#shutdown_timeout = 30000 |
472 |
|
473 |
# MongoDB connection string |
474 |
# See https://docs.mongodb.com/manual/reference/connection-string/ for details |
475 |
mongodb_uri = mongodb://localhost/graylog |
476 |
|
477 |
# Authenticate against the MongoDB server |
478 |
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog |
479 |
|
480 |
# Use a replica set instead of a single host |
481 |
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog |
482 |
|
483 |
# Increase this value according to the maximum connections your MongoDB server can handle from a single client |
484 |
# if you encounter MongoDB connection problems. |
485 |
mongodb_max_connections = 1000 |
486 |
|
487 |
# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 |
488 |
# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, |
489 |
# then 500 threads can block. More than that and an exception will be thrown. |
490 |
# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier |
491 |
mongodb_threads_allowed_to_block_multiplier = 5 |
492 |
|
493 |
# Drools Rule File (Use to rewrite incoming log messages) |
494 |
# See: http://docs.graylog.org/en/2.1/pages/drools.html |
495 |
#rules_file = /etc/graylog/server/rules.drl |
496 |
|
497 |
# Email transport |
498 |
#transport_email_enabled = false |
499 |
#transport_email_hostname = mail.example.com |
500 |
#transport_email_port = 587 |
501 |
#transport_email_use_auth = true |
502 |
#transport_email_use_tls = true |
503 |
#transport_email_use_ssl = true |
504 |
#transport_email_auth_username = you@example.com |
505 |
#transport_email_auth_password = secret |
506 |
#transport_email_subject_prefix = [graylog] |
507 |
#transport_email_from_email = graylog@example.com |
508 |
|
509 |
# Specify and uncomment this if you want to include links to the stream in your stream alert mails. |
510 |
# This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users. |
511 |
#transport_email_web_interface_url = https://graylog.example.com |
512 |
|
513 |
# The default connect timeout for outgoing HTTP connections. |
514 |
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). |
515 |
# Default: 5s |
516 |
#http_connect_timeout = 5s |
517 |
|
518 |
# The default read timeout for outgoing HTTP connections. |
519 |
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). |
520 |
# Default: 10s |
521 |
#http_read_timeout = 10s |
522 |
|
523 |
# The default write timeout for outgoing HTTP connections. |
524 |
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). |
525 |
# Default: 10s |
526 |
#http_write_timeout = 10s |
527 |
|
528 |
# HTTP proxy for outgoing HTTP connections |
529 |
# ATTENTION: If you configure a proxy, make sure to also configure the "http_non_proxy_hosts" option so internal |
530 |
# HTTP connections with other nodes does not go through the proxy. |
531 |
# Examples: |
532 |
# - http://proxy.example.com:8123 |
533 |
# - http://username:password@proxy.example.com:8123 |
534 |
#http_proxy_uri = |
535 |
|
536 |
# A list of hosts that should be reached directly, bypassing the configured proxy server. |
537 |
# This is a list of patterns separated by ",". The patterns may start or end with a "*" for wildcards. |
538 |
# Any host matching one of these patterns will be reached through a direct connection instead of through a proxy. |
539 |
# Examples: |
540 |
# - localhost,127.0.0.1 |
541 |
# - 10.0.*,*.example.com |
542 |
#http_non_proxy_hosts = |
543 |
|
544 |
# Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch |
545 |
# on heavily used systems with large indices, but it will decrease search performance. The default is to optimize |
546 |
# cycled indices. |
547 |
# |
548 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
549 |
# to your previous settings so they will be migrated to the database! |
550 |
#disable_index_optimization = true |
551 |
|
552 |
# Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch |
553 |
# on heavily used systems with large indices, but it will decrease search performance. The default is 1. |
554 |
# |
555 |
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these |
556 |
# to your previous settings so they will be migrated to the database! |
557 |
#index_optimization_max_num_segments = 1 |
558 |
|
559 |
# The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification |
560 |
# will be generated to warn the administrator about possible problems with the system. Default is 1 second. |
561 |
#gc_warning_threshold = 1s |
562 |
|
563 |
# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds. |
564 |
#ldap_connection_timeout = 2000 |
565 |
|
566 |
# Disable the use of SIGAR for collecting system stats |
567 |
#disable_sigar = false |
568 |
|
569 |
# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second) |
570 |
#dashboard_widget_default_cache_time = 10s |
571 |
|
572 |
# Automatically load content packs in "content_packs_dir" on the first start of Graylog. |
573 |
#content_packs_loader_enabled = true |
574 |
|
575 |
# The directory which contains content packs which should be loaded on the first start of Graylog. |
576 |
#content_packs_dir = data/contentpacks |
577 |
|
578 |
# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on |
579 |
# the first start of Graylog. |
580 |
# Default: empty |
581 |
content_packs_auto_load = grok-patterns.json |
582 |
|
583 |
# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number |
584 |
# of threads available for this. Increase it, if '/cluster/*' requests take long to complete. |
585 |
# Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users. |
586 |
proxied_requests_thread_pool_size = 32 |