Course Review – Docker and Kubernetes


I’d been meaning to look into Docker for a while but never really seemed to find the time. After dithering about for a bit I decided to find a course, something short and to the point.

A bit of googling later and I found a couple of one day courses run by Skippbox, the first course/day was all about Docker and the second was all Kubernetes.

The courses were presented by Sebastian Goasguen, who wrote The Docker Cookbook. Very approachable and knowledgeable. Before the course Sebastian e-mailed me to ask that I install the Docker Toolbox. As I run a Linux desktop with VMware workstation, it didn’t really apply but did send me off looking into the toolbox and what it was all about. It’s basically an installer that aims to get you going with Docker on Windows or a Mac as quickly and as easily as possible by installing Docker Machine, Engine and Compose, as well as Oracle VirtualBox. No support for VMware workstation I see.

Day one (course one): Hello Docker.

The Docker course was really interesting, and quite fast. At the beginning of the day Sebastian gave us an introduction to the history of Docker, where it came from, and what problems it could potentially solve in the enterprise. Then on to the basics of downloading our first containers, running, stopping, starting, gearing up to modifying and editing our own Dockerfiles, showing us how to set up our own repos, working with networking and security, and then flat out into continuous integration and more. All in I would say it was a very productive day.

Day two (course two): Kubernetes, or as I like to put it, “Let’s dial this up to 11”.

Since we’d all been on the course the day before, we hit the ground running, with a brief overview of the history of Kubernetes. Sebastian provided us with a couple of VM’s running in Digital Ocean and AWS, which we used for remote deployments and orchestration. The course went fast but at no time did I feel like I couldn’t stop and ask for clarification and more detail. Orchestration, clustering, proxying, static routes, resilience, to name a few. It went fast. Toward the end of the day we were working on our own examples that we felt were relevant with Sebastian helping and guiding. He also went on to show us kmachine, which is one of Skippbox’s main focuses.

The two courses were a great introduction into containerisation and what it could do and gives you enough that you can go off and get setup yourself. I really liked Sebastian’s enthusiasm, which pushed me to look more into containers. You can tell he lives and breathes this stuff which made two days much more insightful.

Looking to get into docker? These two courses might be just what you are looking for.

Teaching yourself vRealize Orchestrator and Javascript

So the last couple of months I have been fairly quiet on the blogging front, needing to spend much of my time upgrading my skill set.

As we go forward in infrastructure, the hypervisor and its core development are becoming less of a factor in deciding what to run. With the rise of cloud and containerisation, we have seen a huge shift in focus over to the infrastructure supporting these technologies. Management, automation, and software defined are seeing their importance rise, and rise fast.

Where does this leave the likes of VMware? They are a hypervisor company after all. Well not anymore. Some bright sparks at VMware saw this coming and started to focus on cloud. Unfortunately, while VMware were very well placed to push their cloud offering, for various reasons it hasn’t done too well when compared to Azure and AWS. Fortunately, somebody at VMware decided that, to succeed, they needed to play nicely with all the other kids in the playground and with that came the rise of their updated software defined strategy and the vRealize suite; an encompassing suite of products purchased and developed by VMware to monitor, automate, manage, and secure your infrastructure.

I am pushing hard to teach myself the vRealize product suite and I’m really enjoying it. Above all what I really appreciate is the agnostic nature of these products. Yes, they are owned and developed by VMware but they are designed to work with all hypervisors and most infrastructure.

vRealize Orchestrator is what I am currently working through. It’s very impressive and to get a real handle on it you should really learn Javascript. Hence the reason for this post.

vRealize Orchestrator Essentials by Daniel Langenhan


As you would expect from an essentials book, it is written for people that have absolutely no prior experience with Orchestrator. The book is well written, easy to follow and takes you from understanding the architecture all the way through to some of the more advanced workflows and how to build and modify them, with a bit of Javascript thrown in for good measure. The author clearly knows his stuff and at no time do you feel like the author is making assumptions of your level of knowledge, with clear explanations throughout. The book is designed to be read from beginning to end rather than as a reference, although having finished it I now dip in and out of it when I need to.

The book doesn’t pretend to be the definitive guide to Orchestrator, its purpose is to get you using it with confidence and give you a good grounding to find out more, if you want to. The author has also gone as far as to release an update in PDF to reflect the differences between the older version (which the book is written for) and the newer version. Truth be told not too much has changed.

I would strongly recommend this book if you are interested in getting into Orchestrator.

You don’t know JS – Up and Going by Kyle Simpson.


I was looking about for a javascript course to augment my knowledge in Orchestrator and to get to know another programming language. Most of the courses out there focus on the web side of Javascript and often require that you know CSS and HTML first. That’s fine but not what I want to use Javascript for.

I came across a Javascript course on Pluralsight that ticked all the boxes of what I wanted. The course follows the presenter’s first book, “You don’t know JS – Up and Going”, and it’s available on GitHub for free. After going through the Pluralsight training I went on to Amazon and bought the book.

Kyle Simpson has many years of experience with JS and manages to explain the concepts in an easy to digest manner. He starts by using a very simple statement “a = b * 2;” and breaks it down. This was a great approach as he managed to impart a lot of knowledge right from the get go.

The book continues to build on those basic building blocks and takes you up to writing your own code. I have almost finished the book and I am going to buy the rest of the series once I do.

As an IT professional you are constantly in a cycle of learning and investigating new technologies and emerging trends. Self study can be a bit tricky especially when you are time poor. Picking the right books can make all the difference and the two above will do just that.

VCAP6-DCV Design beta exam review.

On Saturday the 5th of March, I had the pleasure of sitting the beta of the VCAP6-DCV design exam.

Since more exam centers are now able to host the exam I chose a center near me, which was really convenient as they are also open on a Saturday. After passing all the usual security checks and getting shown to my seat and logging in, the familiar NDA popped into view and I was away.

The beta exam was 4 hours and I finished with time to spare. Was the exam difficult? Sure, but there were no questions that were outside the blueprint.

Most of the experience was a massive improvement over the VCAP5 exam. No lag, fast, and easy to navigate. However, every silver lining has a cloud: in the middle of one tricky design question, everything locked up and up popped an error with the Pearson exam engine. I signaled to the exam monitor that I had a problem. She spent the next few minutes on the phone with an incredibly unhelpful Pearson. They claimed that everything but themselves was to blame. Suddenly, as soon as it began, the problem mysteriously resolved itself. Weird *cough* Pearson messed up *cough*. One or two of the questions were also incomplete and didn’t provide all the info I needed but I did add notes and suggestions where appropriate so hopefully that will help.

If I’ve managed to do enough to pass I’ll get myself lifted to the VCIX-DCV cert, which would be a bonus.

Exam Tips:

  • The exam itself is filled with all the new vSphere 6 goodness, so if you’ve just passed the VCAP5-DCD and are expecting to walk this exam you’ll most likely waste your money.
  • As is obvious from the many blogs about, the VMware design exams are difficult but not impossible.
  • Having design experience is ideal but not essential. You can work this to your advantage which I’ll explain in a bit.
  • If you think the question or scenario is incomplete, there is the option to add a note to any question.
  • Get a lab together, if you can. There are cloud services out there you can use to run a virtualised lab.
  • Don’t allow yourself to get rattled. If you are struggling, flag the question for review and come back to it later.
  • Put a study plan together based on the official blueprint. There is a large body of information to absorb so make sure you budget your time appropriately.
  • Know your Requirements, Risks, Assumptions, and constraints.
  • Some scenarios have a large amount of information, some relevant to the design, some not, but all must be considered. Take notes while reading the question or scenario and focus on what they’ve asked you. It’s a valuable time saver.
  • If you have time at the end of the exam, use it to review your questions but try not to second guess yourself.

And finally as I mentioned before, if you don’t have real world design experience make it work to your advantage. Wait, what, how’s that? As anybody who’s run through a few designs knows, there’s usually more than one way to skin a cat. Well VMware likes you to do your designs in a specific way and they have certain methodologies and ways of looking at the world. For example, the whole upstream, downstream, thing drives me crazy, and different companies either consider the user upstream or downstream. If you learn how to do designs the way VMware wants you to, without outside influence, it’ll be easier to visualise what they are after.

I’ve often heard techies who’ve sat this exam complain that technical designs are subjective, but it shouldn’t really be the case here. It’s a VMware exam and should be done the VMware way. Follow the blueprint, read the study guides and provided you also put in the study time, you’ll do just fine.

Veeam Backup Free Edition – Install

Just over a couple of weeks ago now, Veeam released version 9 of their product suite. Most notable of those are Veeam Backup & Replication and Veeam One (their monitoring and backup products).

Veeam have done an amazing job with their backup product and it wasn’t too long ago that if you wanted to backup your VM’s then Veeam was the only realistic choice. The other backup vendors are catching up and more choice is starting to appear in the market but Veeam still have the edge and because of this are the clear leaders, in my opinion, for VM backups.

What Veeam have always done, as far as I can remember, is offer free versions of their products. There are limitations, of course, but you can still monitor and backup the products. Where I used to work we used the free version of Veeam One for quite a while before we made the jump to the paid version.

With the free version of the backup product you can only backup one VM at a time in the GUI, which could be cumbersome. In addition it doesn’t work on the free version of ESXi. I’m guessing that VMware called in a favour there. However you can do some scripting around this as sometime last year Veeam decided to allow some PowerShell cmdlets to be called in the free version. This is great because you can now script around the limitation of “one VM at a time” and I use this script myself to backup my home lab. For a small shop, home lab, small engineering environment it’s perfect. I tend to do some fairly destructive things to my lab and this saves time rebuilding.

However I would still recommend going with one of the paid for versions if you are looking at backing up VM’s in a production environment. There is much goodness and value in the paid versions.

Installing Veeam Backup Free edition V9.

Before you continue you’ll need to go to Veeam’s website and create an account to download the Backup software ISO. The ISO is large at 1.2TB. I’m using a Windows 2012 R2 server for this install guide and it allows me to mount an ISO as a virtual DVD. If you are using an older version of Windows you’ll need to extract the ISO.

  1. Right click the ISO and select Mount.
  2. Browse to the mounted ISO and double click Setup.
  3. If you get a User Account Control warning click Yes.
  4. Click on the Backup and Replication panel.
  5. If, like me, you skimp on resources in your lab you’ll get this message. Click Yes.
  6. One of the cool features of the Veeam installer is that it actually offers to install the missing requirements. Click OK.
  7. Once the .NET requirement is met the installer starts. Click Next.
  8. Select “I accept the terms in the license agreement” and click Next.
  9. If you have a license key you can click Browse and select it but as we are using the free version you only need to click Next.
  10. The default on this window is to have all three features selected for installation, however you can decide not to install the console for example. I have left the three features enabled. Select Next.
  11. Again, trying to make things as easy as possible by offering to install the missing requirements. If you, like me, didn’t have them installed, select Install.
  12. Once the requirements have been met, click Next.
  13. The default configuration should work for most free installs, for most licensed installs too, but it’s good to have the option there if you need it. Click Install.
  14. Once the update is done click Finish.
  15. On your desktop you’ll now have the Veeam Backup & Replication Console icon. A quick double click will open up the login screen for Veeam Backup.

So really easy and simple. Most people don’t really think about the installer for an app but I’m always impressed that it’s so simple with Veeam. How many times have you had to go and download an obscure patch or track down a particular version of .NET? Many vendors could learn a thing or two here, yes NetApp, I’m looking at you.

The future of VSAN – My take

There have been a few posts speculating on the future of VSAN and I for one am looking forward to it with great anticipation. However, I don’t think VMware really know what a hugely transformative technology VSAN could be.

I was lucky enough to attend VMworld 2015 and luckier to be invited to the VSAN pioneer summit, which gave us a real in-depth look at the future of VSAN. I liked what I was seeing but about an hour towards the end of the allotted time I put my hand up and asked why there were no NAS features planned for the future release. I mean it makes sense doesn’t it? Where’s NFS, where’s SMB? I know a linux architect who would love to see this come in.

If you really want to do the software defined storage thing then really go for it. NSX is the current favourite child. It’s being pushed everywhere, including presence into “competitors” such as AWS. So where’s the love for VSAN? Push this technology and it will really change the datacenter.

First Thoughts.

What if VMware made a VSAN only cluster, no VM’s allowed, only storage exports? This would put them in direct competition with storage vendors and would greatly reduce the cost for storage in the datacenter and allow for a huge amount of flexibility for businesses of all sizes. Let’s explore this idea more!

Folders (native on the file system) or VMDK’s

VMDK wins. I would think that using VMDK’s instead of folders would be a much better idea. There would be no real changes needed to the VMFS file system to accommodate a much more granular permission structure that would be required by SMB. ESXi could mount the VMDK and write any file system in there. VMDK’s can be accessed by multiple ESXi hosts.

NFS3 – NFS4 – SMB2.x – SMB3

We already know that NFS4 and SMB3 can take advantage of multiple IP addresses (hosts) to provide multi-channel and VMware clusters are, quite frankly, an incredible implementation of clustering technology. Mounting the VMDK to multiple ESXi hosts would allow the data to be taken advantage of by NFS4 and SMB3 compliant hosts.

SMB2.x and NFS3 prefer to access data through a single IP address or hostname. Now this is easy to implement immediately but if you want to add a bit more intelligence around it, some kind of construct that has a virtual IP that could move between hosts or something like the virtual IP address technology from Log insight clusters. Easier said than done I know but still should be considered.

Redundancy and performance

Kinda obvious, I know, but redundancy would be taken care of by VMware clustering technology. Three or four hosts and that’s that taken care of.

Performance on the other hand could be a very interesting topic, a complex topic, but still interesting. I would guess in the thousands of IOPs. There would be many factors to consider. Network speed, controller card, SSD speed, SSD size, and so on and so forth. In a future post I’ll look at this again.

Licensing

As this is only intended to be a storage service the licensing should be one ESXi-VSAN license (I’ve guessed it to be £1,500 but could be as high as £2,000, which I’ve also given as a cost per TB below)

Total Cost

So this is interesting and I’ve decided to look at a couple of real world examples below.

Dedicated Storage Appliance

I have a quote from a major vendor for £198,409.45. This figure gives us 48TB of HDD storage in 64 SAS disks and 9TB of SSD storage in 8 SSD disks (these figures are usable). For this project we decided to use the SSD as a caching layer.  As you would expect from an enterprise storage system it has a good deal of redundancy built-in with 4 nodes to manage the storage and 8 x 10GB Ethernet ports. All in, not bad for the price point and a good system all round.

Dedicated VSAN Cluster

Putting together our VSAN only node, to compete on numbers, I would size it like this: Looking at an HP DL380 Gen9 with one CPU (E5-2623) 32GB of Ram. Two disk pools with 1 x 800GB SSD and 7 X 1.2TB SAS disks each, giving us 1.6TB of SSD cache and 7.5TB of SAS storage (again these figures are usable based on a default VSAN storage policy of 2n). Two 10GB Ethernet ports.

To get the equivalent amount of usable storage as the popular storage vendor’s array we’d need 7 VSAN nodes.

So for the costs:

| Items | Storage Vendor | VSAN |
|---|---|---|
| Nodes | 4 | 7 |
| 10GB Network | 8 | 14 |
| SSD Cache Size | 9.2TB | 10.5TB |
| Usable SAS | 48.5TB | 52.9TB |
| Cost per system | £198,409.45 | £109,320.40 |
| Cost per TB | £4,090.92 | £2,066.55 |

Note 1: I have estimated the cost of the VSAN license at £1,500. If the license were £2,000 then the cost per TB for VSAN would be £2,132.71.

Note 2: (To be fair) The Storage vendor has extra goodness built-in to accelerate workloads and the hardware will be optimised and custom designed to do nothing but serve data.

The above figures, which speak for themselves, are all based on real quotes and would be for an enterprise deployment.

If VMware really wanted this to be everywhere they could address smaller shops by allowing a single node VSAN. Why not; that would allow anybody to get a foot in and expand as their business grows.

So VMware, when will this be a reality for us?

Please let me know what you think and if there are any glaring errors. I’m also happy to discuss any of the above.

VMware designs using Mindmaps

I was introduced to mind maps at school as a way to take notes during class but never really worked with them. Earlier in the year, while studying for my DCD I happened to see somebody at the library referring to a mind map while they were working.

That got me thinking; mind maps are quite personal as in you put it together. In effect, it’s your mind map, it’s put together in a way that you can reference information clearly as it relates to how you have stored it in your mind.

I was going through Jason Grierson’s excellent DCD 5.5 Study pack at the time and decided to create a series of mind maps from the info. This allowed me to very quickly go and look for the detail I needed. If you are studying towards your DCD the DCD 5.5 Study pack is a really good collection of information that you should download and go through.

Let’s take a look at the map I created for the three different types of designs that VMware references. This is quite a small map but allowed me to quickly get the differences between Conceptual, Physical, and Logical designs.

The next map looking at the four design factors has a bit more detail giving examples and definitions of risks, assumptions, constraints, and requirements.

And as a better example this map dives into the design requirements of manageability, recoverability, availability, security, and performance. Still not a big mind map by any means (the ones I’ve been working on for my VCDX are getting a bit on the big side).

Many of the maps I create will only ever be seen by me. I use them as references when working on designs. Actually I’ve been using them for any projects I now have, both professional and personal. I’m looking at doing some work on my kitchen and this tool has helped keep all my ideas together in a way that I can easily reference them.

The reason I chose to show these maps is to give you another tool when putting together designs and working out what the client/your boss is trying to get you to do.

The software I use to create my maps is Simplemind. It’s available for PC, Mac, Android, and iOS. There is a less featured free version for iOS and Android. The map can be shared through all platforms via Dropbox.

Book Review – Essential Virtual SAN

I have a confession to make. I am a Virtual SAN junkie. From the performance, to the expandability, to the simplicity, it’s an amazing product. The whole concept makes me wonder why the big storage players didn’t come up with the idea first.

Looking forward, the future for VSAN is very bright. This is a massive development and I think it will have wider reach than NSX. It’s so easy to get up and running, that a business of any size could spin it up with little effort. Just don’t forget to validate against the HCL.

Now, if you are happy with that and don’t really intend to do much with it then click away now, but if you want to understand more about the technology you are running then Duncan Epping and Cormac Hogan’s book Essential Virtual SAN is one of the best resources you can sink your money into.

Before we carry on, one thing to note is that this book is written around VSAN 1.0. While VSAN 6.1 is out it’s not 6 versions further on but more like 1 full release and 1 point release further on. VMware changed the version numbers to reflect the vSphere versions. So that said, this book isn’t obsolete. Far from it. The new versions really only build on what is already an amazing platform. It is still completely relevant, just missing some new goodies, like stretched clustering and info about the updated file system. For all the updated info have a crawl through Cormac’s blog and the VMware Technical Papers.

I’ve read a couple of Duncan’s other books, the vSphere 5.1 Clustering Deep dive written with Frank Denneman for example, and found them to be very easy to read. Often a book aimed at techies can be very dry, which makes them a struggle. Cormac is Mr VMware Storage and his blog, read by many people, is always informative and good to read.

Essential Virtual SAN on the other hand reads well. The sections are well thought out and the book takes you from introducing VSAN all the way through to using the vSphere ruby console to look in real detail at what the individual disks are doing.

The authors do state that this is not a starter’s guide; while they are right, I found this book to be more than enough for both beginners and the more experienced to really find useful.

Duncan and Cormac’s enthusiasm for VSAN really comes through in this book. Obvious, I know, when you look at their blogs, but it does feel like this is more than a 9-5 for them.

At the office we have recently deployed VSAN. This went through the usual steps of putting it in engineering, running a successful POC and finally getting senior management buy in to roll it out. This book was a huge help in helping me boost my knowledge and fielding any concerns raised by the business.

I did attend the VSAN deploy and manage course, this book is better.

The future for VSAN is bright and, to me it’s clear that this should be on your roadmap, if it isn’t already.

Graylog – Dashboard Creation.

Carrying on with my Graylog posts, the following will give you an introduction to creating a basic but functional dashboard.

Why do you need a dashboard? Well you can view a number of widgets very quickly which can all be configured with separate search queries. What’s really convenient is that it’s your dashboard, not one that the vendor thinks you will need. Every environment has different requirements. Perhaps you are tracking iSCSI disconnects and want to see a count of the number of iSCSI errors you are getting prior to the event, maybe you want to track how many logs vpxa generates, or list the amount of port scans you are getting on your external firewall. It’s really defined by you.

  1. Browse to your Graylog server and login.
  2. Click on Dashboard on the Menu across the top.
  3. Once the Dashboards tab has opened click Create Dashboard.
  4. Give your new Dashboard a name and description.
  5. You now have a brand new empty dashboard. Let’s get some widgets generated and add them in.
  6. Click on Search in the menu bar and in the search field type something that you’d like to keep an eye on. For this purpose I’ve chosen vpxa. It’s noisy and will be a good example.
  7. This will return a histogram and a bunch of messages.
  8. Let’s add the histogram to the dashboard. In the histogram pane click on Add to dashboard and select the dashboard you want to add the histogram to.
  9. And let’s add one more. In the Fields pane, expand Messages and click Quick Values. Then in the Quick values for message click Add to dashboard and select your dashboard.
  10. Go through the various fields and widgets and add what you think will be useful.
  11. Back to our dashboard. Click on Dashboard in the Menu across the top and then click on the name of the dashboard you just created.
  12. You’ll now see the widgets you’ve added to your dashboard. You’ll also see three buttons, Update in background, fullscreen and unlock/edit. To rearrange your widgets click unlock/edit and move them around as needed. Update in background keeps the widgets live and fullscreen puts the screen into a display mode which could be useful to display on screens around the IT department.
  13. Once you are done moving things around click lock to take it out of editing mode.

The above does go through creating a very basic dashboard but once again this demonstrates how useful Graylog really is. If you are looking for log monitoring you will be in a safe place with Graylog. The flexibility and scalability absolutely compete with, and often exceed, the larger paid for rivals.

VCDX – Here we go.

The first of the VCDX defense dates for 2016 have been announced and in the last week a new round of VCDX’s have received their emails and a big congratulations to all of them.

I’ve been looking forward to the new 2016 dates for a while. This gives me a time frame to get all the requirements together.

If all goes according to plan I’m hoping to defend in the last week of April but that means I need to submit by the 11th of February, which is only three short months away and I still have a huge amount to get together.

As I work through various parts of my design I’ll be tracking my progress through this blog.

Designs that are your own are easier to justify, or are they? Take one of your own designs (as I’ve done with this one), and try to look at it with fresh eyes. It’s yours, yes, but can you really quantify every decision to a third-party. Why have you chosen to ignore LACP, why aren’t you using resource pools, why have you used the windows deployment of vCenter server instead of the appliance. iSCSI vs NFS. 5 Hosts, really, why not 3 larger hosts instead? Want to bring in VVOLs, have you spoken with the storage team to find out if it can fit with their vision? Why, Why, Why?

All of the above and more needs to be worked through. The foundation of my design is one that I have done for the company I currently work for. It is a two DC deployment with SRM to replicate between them. My submission will be partly fictitious as I want to take what I currently have and update it.  I’ll need to go through and look at every decision and document it.

I understand that this will be a huge undertaking but I am looking forward to it. Most importantly I have the support of my family.

Now, I need a mentor…

Deploying the Graylog OVA – Easy

As a follow up to my previous post, I’ll go through deploying and configuring the Graylog OVA. It’s really, really easy. In fact the whole process should only take about 20 minutes before you have a set-up ready to receive logs.

A typical Graylog appliance (OVA) deployment can be broken down into three parts, 1) OVA Deployment, 2) OS network configuration, 3) Configuring an Input.

1 – OVA Deployment.

  1. Log in to the vSphere web client using an account that has permission to configure the environment.
  2. Select Home and Hosts and Clusters.
  3. Right click the cluster you want to deploy Graylog into and select Deploy OVF template.
  4. Select Browse and select the Graylog OVA.
  5. Select Next.
  6. Give your Graylog OVA a name and select a folder for it to go into. Select Next.
  7. Select a Virtual Disk Format. Choose a Storage Policy and a datastore to deploy the OVA into and click Next. NOTE: If this is going into production and you anticipate a large amount of logs to come in then you should set your disk format to be Eager Zero Thick.
  8. Choose a network.
  9. Review your settings and click Finish.

vSphere will go off and deploy your OVA. The above process will take about 5 minutes.

2 – OS network configuration.

The Graylog OVA is based around Ubuntu and is configured with DHCP straight out of the box. If that doesn’t bother you skip this step.

  1. Open a console to the Graylog VM. Login using the username ubuntu and the password is ubuntu.
  2. Edit the interfaces file. (sudo vi /etc/network/interfaces). Hit enter.
  3. Delete iface eth inet dhcp and replace with the following (but customising to your network requirements). Exit when done (:wq!)
  4. Next we’ll tidy up the hosts file. (sudo vi /etc/hosts).
  5. I’ve chosen to keep my hostname as Graylog so all I needed to do was change 127.0.1.1 to 127.0.0.1.
  6. You’ll need to edit resolv.conf.
  7. Set the nameserver entries to match the DNS servers in your environment. One for each DNS server you want to use. In addition set domain and search to match your domain.
  8. Once you’ve done all of that run sudo graylog-ctl reconfigure. This will catch any change you have made that Graylog might rely on.

It’s important to note here that the graylog-ctl script is quite versatile and allows you to make changes to Graylog, such as change your timezone and admin password, which should be done if you want to push this into a production environment. Note: If you do make any changes make sure you run sudo graylog-ctl reconfigure.

OK so to be fair the above took me about 10 minutes to do, however if you are not familiar with Linux it’ll take longer but the Ubuntu community is very active and can help.

3 – Input Configuration.

So now we have our Graylog server ready to go, well almost. The amount of inputs that Graylog can receive is quite vast. In addition to the preconfigured inputs you can make your own. We’ll look at configuring the most common: the syslog input for both UDP and TCP.

  1. Browse to your Graylog server and, if it’s running you’ll be greeted with the login prompt.
  2. In the menu bar across the top select System and Inputs.
  3. From the drop down menu under Inputs in Cluster select Syslog TCP and click Launch new input. In the setting box all you need to do is give your new input a name (e.g. Syslog_TCP).
  4. Setup the same for Syslog UDP.

That’s really as difficult as it gets. Now you have the basic features set-up and configured all you need to do is point the infrastructure you want to log at it.
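A quick way to confirm that the two inputs created above are actually receiving, before pointing real infrastructure at them. This is an added example, not part of the original post: the hostname `graylog.example.internal` and port 1514 are placeholders for your own server and for whatever port you set on each input, and the newline framing on TCP is assumed to match the input's settings.

```python
"""Added example: send one labelled test line to Graylog Syslog UDP/TCP inputs."""
import socket
import time
import uuid

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
FACILITY_LOCAL0 = 16  # syslog facility "local0"
SEVERITY_INFO = 6     # syslog severity "informational"


def build_syslog_message(tag, text, hostname=None, facility=FACILITY_LOCAL0,
                         severity=SEVERITY_INFO, when=None):
    """Return one RFC 3164 style syslog line as bytes, without a trailing newline."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    # A stray newline or NUL would split the line into two frames on a TCP input.
    if any(ch in tag + text for ch in "\r\n\x00"):
        raise ValueError("tag and text must not contain CR, LF or NUL")
    ts = when if when is not None else time.localtime()
    # RFC 3164 timestamp: "Mmm dd hh:mm:ss" with a space-padded day of month.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[ts.tm_mon - 1], ts.tm_mday, ts.tm_hour, ts.tm_min, ts.tm_sec)
    host = hostname or socket.gethostname()
    priority = facility * 8 + severity
    return ("<%d>%s %s %s: %s" % (priority, stamp, host, tag, text)).encode("utf-8")


def send_udp(host, port, message):
    """Send one datagram; returns the number of bytes handed to the network stack."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message, (host, port))


def send_tcp(host, port, message, timeout=5.0):
    """Send one newline-terminated line; raises OSError if nothing is listening."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(message + b"\n")
    return len(message) + 1


def check_inputs(host, udp_port, tcp_port):
    """Send a uniquely marked line to each input and report what happened.

    "sent" on UDP only means the datagram left this machine; the real check is
    searching for the returned marker on the Graylog Search page.
    """
    marker = "graylog-input-check-" + uuid.uuid4().hex[:12]
    results = {"marker": marker}
    for name, sender, port in (("udp", send_udp, udp_port),
                               ("tcp", send_tcp, tcp_port)):
        line = build_syslog_message("input-check", "%s via %s" % (marker, name))
        try:
            sender(host, port, line)
            results[name] = "sent"
        except OSError as exc:  # refused, timed out, or name did not resolve
            results[name] = "failed: %s" % exc
    return results


if __name__ == "__main__":
    # Placeholder host and ports: replace with your Graylog server and input ports.
    outcome = check_inputs("graylog.example.internal", 1514, 1514)
    print("Search Graylog for:", outcome["marker"])
    print("UDP:", outcome["udp"])
    print("TCP:", outcome["tcp"])
```

A TCP failure shows up immediately as a refused or timed-out connection, while a UDP problem is only visible as the marker never appearing in a search.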

So the previous two posts only really scratch the surface of what is a really powerful tool. Being an open source project, the code is readily available for anybody to look at. APIs are exposed and documented, dashboards and alerts can be configured, and custom inputs can be set up, to name a few.

Once more, Good work guys.