Wherein I install graylog2 as a linux newb

Or just watch the video 🙂 https://everythingshouldbevirtual.com/ubuntu-graylog2-auto-install-script-video

First download Ubuntu

http://releases.ubuntu.com/13.04/

Use the 64-bit PC (AMD64) server install image. I’m installing inside vmware, so I choose Ubuntu 64bit as the vm type. The AMD64 might throw you off; it just means 64bit.

Mount and boot the .iso. Install using defaults. Done.

Next, try to get vmware tools installed.

I followed these instructions -> from here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022525

And it looks like they actually worked!

—-

Ubuntu Server with only a command line interface

  1. Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).
     Note: If you are running the light version of Fusion, or a version of Workstation without VMware Tools, or VMware Player, you are prompted to download the Tools before they can be installed. Click Download Now to begin the download.
  2. In the Ubuntu guest, run these commands:
    1. Create a directory to mount the CD-ROM by running the command:
       sudo mkdir /mnt/cdrom
       When prompted for a password, enter your Ubuntu admin user password.
       Note: For security reasons, the typed password is not displayed. You do not need to enter your password again for the next five minutes.
    2. Mount the CD-ROM by running the command:
       sudo mount /dev/cdrom /mnt/cdrom
       or
       sudo mount /dev/sr0 /mnt/cdrom
    3. The file name of the VMware Tools bundle varies depending on your version of the VMware product. Run this command to find the exact name:
       ls /mnt/cdrom
    4. Extract the contents of the VMware Tools bundle by running the command:
       tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
       Note: x.x.x-xxxx is the version discovered in the previous step.
    5. Change directories into the VMware Tools distribution by running the command:
       cd /tmp/vmware-tools-distrib/
    6. Install VMware Tools by running the command:
       sudo ./vmware-install.pl -d
       Note: The -d switch assumes that you want to accept the defaults. If you do not use -d, press Return to accept each default or supply your own answers.
  3. Run this command to reboot the virtual machine after the installation completes:
     sudo reboot

Assign a static ip using instructions here -> https://help.ubuntu.com/10.04/serverguide/network-configuration.html

Static IP Address Assignment

To configure your system to use a static IP address assignment, add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0. Change the address, netmask, and gateway values to meet the requirements of your network.

auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1

By adding an interface configuration as shown above, you can manually enable the interface through the ifup command.

sudo ifup eth0

--- OK now to install. taken from here -> http://everythingshouldbevirtual.com/ubuntu-12-04-graylog2-installation

The salient point of the install is

Installation steps
------------------
sudo apt-get -y install git
cd ~
git clone https://github.com/mrlesmithjr/graylog2/
chmod +x ./graylog2/install_graylog2_20_ubuntu.sh

Now enter the following to start running the script.
cd ~
sudo ./graylog2/install_graylog2_20_ubuntu.sh
---
That will take a while, I don't know how long since I went home and it was done when I got back.

--tada it worked

--- Now set up the redirect. Rsyslog is listening on UDP/514 and forwarding to Graylog2, which is listening on UDP/10514.

Open your browser of choice and connect to http://ip.or.nameofgraylog2server:9000

Log in with username admin and password password123

Click on system

Click on nodes

Select action and then manage inputs

Select Syslog UDP from dropdown

Give it a name of syslog redirect and port 10514 and then click launch and close. (Rsyslog is listening on UDP/514 and forwarding to Graylog2 which is listening on UDP/10514)

You should now see your new input created and accepting traffic.
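
The login step above uses the installer's default admin password. One way to replace it once the input is working, as an added example (not part of the original post or the install script); it assumes the server config lives at /etc/graylog2.conf and that the admin hash is stored under the root_password_sha2 setting, so confirm both on your install:

```shell
#!/bin/sh
# Added example. The CONF path and the root_password_sha2 key are assumptions
# about this install; confirm both before running.
CONF="${CONF:-/etc/graylog2.conf}"

# Hex SHA-256 of the argument, with no trailing newline hashed in.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Replace the root_password_sha2 line in a config file, keeping a backup.
set_graylog_root_hash() {
    conf="$1"; hash="$2"
    # A SHA-256 digest is exactly 64 lowercase hex characters.
    case "$hash" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#hash}" -eq 64 ] || return 1
    # Refuse to touch a file that does not already carry the setting.
    grep -q '^root_password_sha2' "$conf" || return 1
    cp -p "$conf" "$conf.bak" || return 1
    sed -i "s|^root_password_sha2.*|root_password_sha2 = $hash|" "$conf"
}

# Prompt without echo so the password stays out of argv and shell history.
change_graylog_password() {
    printf 'New admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    set_graylog_root_hash "$CONF" "$(sha256_hex "$pw")"
}

# Usage (as root), then restart the Graylog2 server service:
# change_graylog_password
```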

--- Ok, now to get our ESX traffic in. Taken from -> https://everythingshouldbevirtual.com/collecting-vsphere-syslog-data-with-graylog2

Now assuming that you have Graylog2 up and running let’s configure our ESXi hosts to send their syslogs to our new Graylog2 server.

Open your vSphere Client and select your host from vCenter or connect directly to your host. Select configuration and then advanced settings under the software section. Scroll down and expand Syslog and select global. Now under Syslog.global.loghost fill in udp://ipaddressofgraylog2:514 then click ok.

Now you have to allow syslog data to be sent from your host. In order to do this you must configure the firewall on the host to allow this. So on the configuration page select security profile under the Software section. Scroll down to syslog and enable the checkbox and click ok.

Once that is done you should start to see syslog data showing up in Graylog2. The only other thing you might want to do is make sure that each of your hosts is showing up as a unique host within Graylog2. Other than that you are good to go. You can also configure other devices in your environment to send their syslog data back to your Graylog2 server.
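
The same two vSphere Client changes (the loghost setting and the syslog firewall rule) done from the ESXi shell, with a marker message to search for in Graylog2 afterwards. This is an added example, not from the original post; the address in the commented call is a constructed sample value.

```shell
#!/bin/sh
# Added example: run in the ESXi shell (SSH or DCUI) on each host.

# Accept only hostname/IPv4 characters so nothing unexpected reaches esxcli.
valid_loghost() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Point the host at the collector, open the outbound rule, send a marker.
configure_esxi_syslog() {
    host="$1"
    port="${2:-514}"
    valid_loghost "$host" || { echo "bad loghost: $host" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac

    # Same setting as Syslog.global.loghost in Advanced Settings.
    esxcli system syslog config set --loghost="udp://${host}:${port}" || return 1
    esxcli system syslog reload || return 1

    # Same as ticking "syslog" in the Security Profile firewall list.
    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true || return 1
    esxcli network firewall refresh || return 1

    # Write a recognisable line to the logs so it can be searched for in Graylog2.
    esxcli system syslog mark --message="graylog2-test from $(hostname)" || return 1

    # Show the effective settings for a final visual check.
    esxcli system syslog config get
}

# Example call (commented out so sourcing the file changes nothing):
# configure_esxi_syslog 10.0.0.100 514
```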

OK, now I see stuff flowing in but I need to make some sort of dashboard! I'll figure that out next!

		
check new notifications queued, vmware

As documented here

http://www.natestiller.com/2011/02/vcs-vsphere-check-new-notifications-stuck-on-queued-vmware-vcenter-update-manager-check-notification/

Just restart the VMware vCenter Update Manager Service on your VCS server to fix.

 

Finally trying out 10Gig vmotion on our Juniper EX4550

So previously we had two 1Gig Nics set up for VMotion. A VM with 32GB of RAM, not under load, was able to vmotion in 5 Minutes.

I finally got around to stacking and configuring our EX4550’s. Using two 10G Nics it is able to transfer the same 32GB virtual machine in 30 seconds! Yay for 10X faster!

#VEEAM VPower NFS volume already exists The specified key, name, or identifier already exists

http://www.fir3net.com/ESX/the-specified-key-name-or-identifier-already-exists.html

Restarting the management service fixed it for me.

[ warning] [vmusr:vmusr] Error in the RPC receive loop: RpcIn: Unable to send.

From http://communities.vmware.com/thread/419192

(I didn’t have to reboot)

It seems that the upgrade didn’t create the file tools.conf

You can create it like this:

[logging]
log = true

# Enable tools service logging to vmware.log
vmsvc.level = debug
vmsvc.handler = vmx

# Enable new "vmusr" service logging to vmware.log
vmusr.level = error
vmusr.handler = vmx

# Enable "Volume Shadow Copy" service logging to vmware.log
vmvss.level = debug
vmvss.handler = vmx

Save it as tools.conf in the appropriate folder for the guest OS.

Windows XP and Windows Server 2000/2003
C:\Documents and Settings\All Users\Application Data\VMware\VMware Tools\tools.conf

Windows Vista, Windows 7, and Windows Server 2008
C:\ProgramData\VMware\VMware Tools\tools.conf

Linux, Solaris, and FreeBSD
/etc/vmware-tools/tools.conf

After saving and closing, restart the Tools service.

Proper Etiquette For Unmounting a LUN or Detaching a Datastore/Storage Device from multiple ESXi 5.x #EqualLogic #VMWARE

So I was complaining to a group of fellow nerds about how much of a pain in the butt it is to ‘properly’ remove a LUN from ESX… you know, so that you don’t cause an APD incident (you know, accidentally freeze up all of your virtual machines…)

So the proper procedure is painful (less painful than it used to be with 4.1 ESX though) http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004605

So then of course vmPete chimes in with “I just use the EqualLogic HIT kit Virtual edition” http://en.community.dell.com/techcenter/storage/w/wiki/2689.equallogic-hit-ve-new-features.aspx

Duh! I had been so busy getting ESX5.1 set up and the new vcenter that I forgot all about it! Well let me tell you, it is a lifesaver! With just a couple of clicks I can create a volume, and with a couple of clicks I can delete a volume! Do you know how much time and pain that saves! So now I’m having fun recreating my volume with vmfs5.

Installing vcenter database 5.1

http://www.bussink.ch/?p=317

http://www.boche.net/blog/index.php/2011/08/20/vcenter-server-5-0-and-ms-sql-database-permissions/