Zimbra-Graylog

Dashboard

Zimbra -> Filebeat -> Graylog -> Elasticsearch
Last updated: a year ago

Downloads: 398

  • grafana zimbra graylog.png
    grafana zimbra graylog.png

Graylog

To config graylog for this dashboard get files from this repository.

 #git clone https://github.com/opc40772/Zimbra-Graylog

Download this dashboard, edit it and replace domain.com whith your domain name.

Collector Configuration Details

Only modify Filebeat prospectors and Logstash output to connect to graylog beats input

#=================== Filebeat prospectors ======================
filebeat.prospectors:

# Each – is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
#Below are the prospector specific configurations.

– input_type: log
document_type: postfix
paths:
 – /var/log/mail.log
– input_type: log
document_type: zimbra_audit
paths:
– /opt/zimbra/log/audit.log
– input_type: log
document_type: zimbra_mailbox
paths:
– /opt/zimbra/log/zmmailboxd.out
– input_type: log
document_type: nginx
paths:
– /opt/zimbra/log/nginx.access.log
 
#———————- Logstash output —————————
output.logstash:
# The Logstash hosts
hosts: ["graylog.dominio.com:5045"]

# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
bulk_max_size: 2048
#ssl.certificate_authorities: ["/etc/filebeat/graylog.crt"]
template.name: "filebeat"
template.path: "filebeat.template.json"
template.overwrite: false
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"