############################# GRAYLOG CONFIGURATION FILE####################

1. ############################
2. # GRAYLOG CONFIGURATION FILE
3. ############################
4. #
5. # This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
6. # Characters that cannot be directly represented in this encoding can be written using Unicode escapes
7. # as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
8. # For example, \u002c.
9. #
10. # * Entries are generally expected to be a single line of the form, one of the following:
11. #
12. # propertyName=propertyValue
13. # propertyName:propertyValue
14. #
15. # * White space that appears between the property name and property value is ignored,
16. # so the following are equivalent:
17. #
18. # name=Stephen
19. # name = Stephen
20. #
21. # * White space at the beginning of the line is also ignored.
22. #
23. # * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
24. #
25. # * The property value is generally terminated by the end of the line. White space following the
26. # property value is not ignored, and is treated as part of the property value.
27. #
28. # * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
29. # For example:
30. #
31. # targetCities=\
32. # Detroit,\
33. # Chicago,\
34. # Los Angeles
35. #
36. # This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
37. #
38. # * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
39. #
40. # * The backslash character must be escaped as a double backslash. For example:
41. #
42. # path=c:\\docs\\doc1
43. #
44.  
45. # If you are running more than one instances of Graylog server you have to select one of these
46. # instances as master. The master will perform some periodical tasks that non-masters won't perform.
47. is_master = true
48.  
49. # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
50. # to use an absolute file path here if you are starting Graylog server from init scripts or similar.
51. node_id_file = /etc/graylog/server/node-id
52.  
53. # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
54. # Generate one by using for example: pwgen -N 1 -s 96
55. password_secret = XXXXXXXXXXXXXXXXX
56.  
57. # The default root user is named 'admin'
58. #root_username = admin
59.  
60. # You MUST specify a hash password for the root user (which you only need to initially set up the
61. # system and in case you lose connectivity to your authentication backend)
62. # This password cannot be changed using the API or via the web interface. If you need to change it,
63. # modify it in this file.
64. # Create one by using for example: echo -n yourpassword | shasum -a 256
65. # and put the resulting hash value into the following line
66. root_password_sha2 = XXXXXXX
67.  
68. # The email address of the root user.
69. # Default is empty
70. root_email = "correctadressmail@company.com"
71.  
72. # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
73. # Default is UTC
74. root_timezone = Europe/Paris
75.  
76. # Set plugin directory here (relative or absolute)
77. plugin_dir = /usr/share/graylog-server/plugin
78.  
79. # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
80. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
81. rest_listen_uri = http://adressipcorrect:9000/api/
82.  
83. # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
84. # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
85. # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
86. # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
87. # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
88. # the scheme, host name or URI.
89. # This must not contain a wildcard address (0.0.0.0).
90. #rest_transport_uri = http://192.168.1.1:12900/
91.  
92. # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
93. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
94. # This is enabled by default. Uncomment the next line to disable it.
95. #rest_enable_cors = false
96.  
97. # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
98. # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
99. #rest_enable_gzip = false
100.  
101. # Enable HTTPS support for the REST API. This secures the communication with the REST API with
102. # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
103. # next line to enable it.
104. #rest_enable_tls = true
105.  
106. # The X.509 certificate chain file in PEM format to use for securing the REST API.
107. #rest_tls_cert_file = /path/to/graylog.crt
108.  
109. # The PKCS#8 private key file in PEM format to use for securing the REST API.
110. #rest_tls_key_file = /path/to/graylog.key
111.  
112. # The password to unlock the private key used for securing the REST API.
113. #rest_tls_key_password = secret
114.  
115. # The maximum size of the HTTP request headers in bytes.
116. #rest_max_header_size = 8192
117.  
118. # The maximal length of the initial HTTP/1.1 line in bytes.
119. #rest_max_initial_line_length = 4096
120.  
121. # The size of the thread pool used exclusively for serving the REST API.
122. #rest_thread_pool_size = 16
123.  
124. # Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
125. # header. May be subnets, or hosts.
126. #trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
127.  
128. # Enable the embedded Graylog web interface.
129. # Default: true
130. #web_enable = false
131.  
132. # Web interface listen URI.
133. # Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement
134. # for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.
135. web_listen_uri = http://adressipcorrect:9000/
136.  
137. # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
138. # Default: $rest_transport_uri
139. #web_endpoint_uri =
140.  
141. # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
142. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
143. #web_enable_cors = false
144.  
145. # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
146. # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
147. #web_enable_gzip = false
148.  
149. # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
150. # using TLS to prevent request forgery and eavesdropping.
151. # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
152. #web_enable_tls = true
153.  
154. # The X.509 certificate chain file in PEM format to use for securing the web interface.
155. #web_tls_cert_file = /path/to/graylog-web.crt
156.  
157. # The PKCS#8 private key file in PEM format to use for securing the web interface.
158. #web_tls_key_file = /path/to/graylog-web.key
159.  
160. # The password to unlock the private key used for securing the web interface.
161. #web_tls_key_password = secret
162.  
163. # The maximum size of the HTTP request headers in bytes.
164. #web_max_header_size = 8192
165.  
166. # The maximal length of the initial HTTP/1.1 line in bytes.
167. #web_max_initial_line_length = 4096
168.  
169. # The size of the thread pool used exclusively for serving the web interface.
170. #web_thread_pool_size = 16
171.  
172. # Configuration file for the embedded Elasticsearch instance in Graylog.
173. # Pay attention to the working directory of the server, maybe use an absolute path here.
174. # Default: empty
175. #elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
176.  
177. # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
178. # when to rotate the currently active write index.
179. # It supports multiple rotation strategies:
180. # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
181. # - "size" per index, use elasticsearch_max_size_per_index below to configure
182. # valid values are "count", "size" and "time", default is "count"
183. #
184. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
185. # to your previous 1.x settings so they will be migrated to the database!
186. rotation_strategy = count
187.  
188. # (Approximate) maximum number of documents in an Elasticsearch index before a new index
189. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
190. # Configure this if you used 'rotation_strategy = count' above.
191. #
192. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
193. # to your previous 1.x settings so they will be migrated to the database!
194. elasticsearch_max_docs_per_index = 20000000
195.  
196. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
197. # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
198. # Configure this if you used 'rotation_strategy = size' above.
199. #
200. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
201. # to your previous 1.x settings so they will be migrated to the database!
202. #elasticsearch_max_size_per_index = 1073741824
203.  
204. # (Approximate) maximum time before a new Elasticsearch index is being created, also see
205. # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
206. # Configure this if you used 'rotation_strategy = time' above.
207. # Please note that this rotation period does not look at the time specified in the received messages, but is
208. # using the real clock value to decide when to rotate the index!
209. # Specify the time using a duration and a suffix indicating which unit you want:
210. # 1w = 1 week
211. # 1d = 1 day
212. # 12h = 12 hours
213. # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
214. #
215. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
216. # to your previous 1.x settings so they will be migrated to the database!
217. #elasticsearch_max_time_per_index = 1d
218.  
219. # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
220. # when to rotate the currently active write index.
221. # It supports multiple rotation strategies:
222. # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
223. # - "size" per index, use elasticsearch_max_size_per_index below to configure
224. # valid values are "count", "size" and "time", default is "count"
225. #
226. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
227. # to your previous 1.x settings so they will be migrated to the database!
228. rotation_strategy = count
229.  
230. # (Approximate) maximum number of documents in an Elasticsearch index before a new index
231. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
232. # Configure this if you used 'rotation_strategy = count' above.
233. #
234. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
235. # to your previous 1.x settings so they will be migrated to the database!
236. elasticsearch_max_docs_per_index = 20000000
237.  
238. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
239. # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
240. # Configure this if you used 'rotation_strategy = size' above.
241. #
242. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
243. # to your previous 1.x settings so they will be migrated to the database!
244. #elasticsearch_max_size_per_index = 1073741824
245.  
246. # (Approximate) maximum time before a new Elasticsearch index is being created, also see
247. # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
248. # Configure this if you used 'rotation_strategy = time' above.
249. # Please note that this rotation period does not look at the time specified in the received messages, but is
250. # using the real clock value to decide when to rotate the index!
251. # Specify the time using a duration and a suffix indicating which unit you want:
252. # 1w = 1 week
253. # 1d = 1 day
254. # 12h = 12 hours
255. # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
256. #
257. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
258. # to your previous 1.x settings so they will be migrated to the database!
259. #elasticsearch_max_time_per_index = 1d
260.  
261. # Disable checking the version of Elasticsearch for being compatible with this Graylog release.
262. # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
263. #elasticsearch_disable_version_check = true
264.  
265. # Disable message retention on this node, i. e. disable Elasticsearch index rotation.
266. #no_retention = false
267.  
268. # How many indices do you want to keep?
269. #
270. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
271. # to your previous 1.x settings so they will be migrated to the database!
272. elasticsearch_max_number_of_indices = 20
273.  
274. # Decide what happens with the oldest indices when the maximum number of indices is reached.
275. # The following strategies are availble:
276. # - delete # Deletes the index completely (Default)
277. # - close # Closes the index and hides it from the system. Can be re-opened later.
278. #
279. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
280. # to your previous 1.x settings so they will be migrated to the database!
281. retention_strategy = delete
282.  
283. # How many indices do you want to keep?
284. #
285. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
286. # to your previous 1.x settings so they will be migrated to the database!
287. elasticsearch_max_number_of_indices = 20
288.  
289. # Decide what happens with the oldest indices when the maximum number of indices is reached.
290. # The following strategies are availble:
291. # - delete # Deletes the index completely (Default)
292. # - close # Closes the index and hides it from the system. Can be re-opened later.
293. #
294. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
295. # to your previous 1.x settings so they will be migrated to the database!
296. retention_strategy = delete
297.  
298. # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
299. elasticsearch_shards = 4
300. elasticsearch_replicas = 0
301.  
302. # Prefix for all Elasticsearch indices and index aliases managed by Graylog.
303. elasticsearch_index_prefix = graylog
304.  
305. # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
306. # # Default: graylog-internal
307. #elasticsearch_template_name = graylog-internal
308.  
309. # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
310. # be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
311. allow_leading_wildcard_searches = false
312.  
313. # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
314. # should only be enabled after making sure your Elasticsearch cluster has enough memory.
315. allow_highlighting = false
316.  
317. # settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file)
318. # all these
319. # this must be the same as for your Elasticsearch cluster
320. #elasticsearch_cluster_name = graylog
321.  
322. # The prefix being used to generate the Elasticsearch node name which makes it easier to identify the specific Graylog
323. # server running the embedded Elasticsearch instance. The node name will be constructed by concatenating this prefix
324. # and the Graylog node ID (see node_id_file), for example "graylog-17052010-1234-5678-abcd-1337cafebabe".
325. # Default: graylog-
326. #elasticsearch_node_name_prefix = graylog-
327.  
328. # A comma-separated list of Elasticsearch nodes which Graylog is using to connect to the Elasticsearch cluster,
329. # see https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-discovery-zen.html for details.
330. # Default: 127.0.0.1
331. #elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300, 127.0.0.2:9500
332.  
333. # we don't want the Graylog server to store any data, or be master node
334. #elasticsearch_node_master = false
335. #elasticsearch_node_data = false
336.  
337. # use a different port if you run multiple Elasticsearch nodes on one machine
338. #elasticsearch_transport_tcp_port = 9350
339.  
340. # we don't need to run the embedded HTTP server here
341. #elasticsearch_http_enabled = false
342.  
343. # Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery.
344. # The setting is specified in milliseconds, the default is 5000ms (5 seconds).
345. #elasticsearch_cluster_discovery_timeout = 5000
346.  
347. # the following settings allow to change the bind addresses for the Elasticsearch client in Graylog
348. # these settings are empty by default, letting Elasticsearch choose automatically,
349. # override them here or in the 'elasticsearch_config_file' if you need to bind to a special address
350. # refer to https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html
351. # for special values here
352. #elasticsearch_network_host =
353. #elasticsearch_network_bind_host =
354. #elasticsearch_network_publish_host =
355.  
356. # The total amount of time discovery will look for other Elasticsearch nodes in the cluster
357. # before giving up and declaring the current node master.
358. #elasticsearch_discovery_initial_state_timeout = 3s
359.  
360. # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
361. # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
362. # Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
363. # Note that this setting only takes effect on newly created indices.
364. elasticsearch_analyzer = standard
365.  
366. # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
367. # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
368. # Default: 1m
369. #elasticsearch_request_timeout = 1m
370.  
371. # Time interval for index range information cleanups. This setting defines how often stale index range information
372. # is being purged from the database.
373. # Default: 1h
374. #index_ranges_cleanup_interval = 1h
375.  
376. # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
377. # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
378. # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
379. # that every outputbuffer processor manages its own batch and performs its own batch write calls.
380. # ("outputbuffer_processors" variable)
381. output_batch_size = 500
382.  
383. # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
384. # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
385. # for this time period is less than output_batch_size * outputbuffer_processors.
386. output_flush_interval = 1
387.  
388. # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
389. # over again. To prevent this, the following configuration options define after how many faults an output will
390. # not be tried again for an also configurable amount of seconds.
391. output_fault_count_threshold = 5
392. output_fault_penalty_seconds = 30
393.  
394. # The number of parallel running processors.
395. # Raise this number if your buffers are filling up.
396. processbuffer_processors = 5
397. outputbuffer_processors = 3
398.  
399. #outputbuffer_processor_keep_alive_time = 5000
400. #outputbuffer_processor_threads_core_pool_size = 3
401. #outputbuffer_processor_threads_max_pool_size = 30
402.  
403. # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
404. #udp_recvbuffer_sizes = 1048576
405.  
406. # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
407. # Possible types:
408. # - yielding
409. # Compromise between performance and CPU usage.
410. # - sleeping
411. # Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
412. # - blocking
413. # High throughput, low latency, higher CPU usage.
414. # - busy_spinning
415. # Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
416. processor_wait_strategy = blocking
417.  
418. # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
419. # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
420. # Must be a power of 2. (512, 1024, 2048, ...)
421. ring_size = 65536
422.  
423. inputbuffer_ring_size = 65536
424. inputbuffer_processors = 2
425. inputbuffer_wait_strategy = blocking
426.  
427. # Enable the disk based message journal.
428. message_journal_enabled = true
429.  
430. # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
431. # must not contain any other files than the ones created by Graylog itself.
432. #
433. # ATTENTION:
434. # If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
435. # in the root directory, you need to create a sub directory for your journal.
436. # Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
437. message_journal_dir = /var/lib/graylog-server/journal
438.  
439. # Journal hold messages before they could be written to Elasticsearch.
440. # For a maximum of 12 hours or 5 GB whichever happens first.
441. # During normal operation the journal will be smaller.
442. #message_journal_max_age = 12h
443. #message_journal_max_size = 5gb
444.  
445. #message_journal_flush_age = 1m
446. #message_journal_flush_interval = 1000000
447. #message_journal_segment_age = 1h
448. #message_journal_segment_size = 100mb
449.  
450. # Number of threads used exclusively for dispatching internal events. Default is 2.
451. #async_eventbus_processors = 2
452.  
453. # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
454. # shutdown process. Set to 0 if you have no status checking load balancers in front.
455. lb_recognition_period_seconds = 3
456.  
457. # Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
458. # disabled if not set.
459. #lb_throttle_threshold_percentage = 95
460.  
461. # Every message is matched against the configured streams and it can happen that a stream contains rules which
462. # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
463. # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
464. # streams, Graylog limits the execution time for each stream.
465. # The default values are noted below, the timeout is in milliseconds.
466. # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
467. # that stream is disabled and a notification is shown in the web interface.
468. #stream_processing_timeout = 2000
469. #stream_processing_max_faults = 3
470.  
471. # Length of the interval in seconds in which the alert conditions for all streams should be checked
472. # and alarms are being sent.
473. #alert_check_interval = 60
474.  
475. # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
476. # outputs. The next setting defines the timeout for a single output module, including the default output module where all
477. # messages end up.
478. #
479. # Time in milliseconds to wait for all message outputs to finish writing a single message.
480. #output_module_timeout = 10000
481.  
482. # Time in milliseconds after which a detected stale master node is being rechecked on startup.
483. #stale_master_timeout = 2000
484.  
485. # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
486. #shutdown_timeout = 30000
487.  
488. # MongoDB connection string
489. # See https://docs.mongodb.com/manual/reference/connection-string/ for details
490. mongodb_uri = mongodb://correct:Information@localhost:27017/MongoDB
491.  
492. # Authenticate against the MongoDB server
493. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
494.  
495. # Use a replica set instead of a single host
496. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
497.  
498. # Increase this value according to the maximum connections your MongoDB server can handle from a single client
499. # if you encounter MongoDB connection problems.
500. mongodb_max_connections = 1000
501.  
502. # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
503. # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
504. # then 500 threads can block. More than that and an exception will be thrown.
505. # http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
506. mongodb_threads_allowed_to_block_multiplier = 5
507.  
508. # Drools Rule File (Use to rewrite incoming log messages)
509. # See: http://docs.graylog.org/en/2.1/pages/drools.html
510. #rules_file = /etc/graylog/server/rules.drl
511.  
512. # Email transport
513. transport_email_enabled = true
514. transport_email_hostname = smtp.company.com
515. transport_email_port = 25
516. transport_email_use_auth = false
517. transport_email_use_tls = false
518. transport_email_use_ssl = false
519. transport_email_auth_username = graylog-tours@company.com
520. #transport_email_auth_password = secret
521. transport_email_subject_prefix = [graylog-Tours]
522. transport_email_from_email = graylog-tours@company.com
523.  
524. # Specify and uncomment this if you want to include links to the stream in your stream alert mails.
525. # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
526. transport_email_web_interface_url = http://correctdnsaddress:9000/
527.  
528. # The default connect timeout for outgoing HTTP connections.
529. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
530. # Default: 5s
531. #http_connect_timeout = 5s
532.  
533. # The default read timeout for outgoing HTTP connections.
534. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
535. # Default: 10s
536. #http_read_timeout = 10s
537.  
538. # The default write timeout for outgoing HTTP connections.
539. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
540. # Default: 10s
541. #http_write_timeout = 10s
542.  
543. # HTTP proxy for outgoing HTTP connections
544. #http_proxy_uri =
545.  
546. # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
547. # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
548. # cycled indices.
549. #disable_index_optimization = true
550.  
551. # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
552. # on heavily used systems with large indices, but it will decrease search performance. The default is 1.
553. #index_optimization_max_num_segments = 1
554.  
555. # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
556. # will be generated to warn the administrator about possible problems with the system. Default is 1 second.
557. #gc_warning_threshold = 1s
558.  
559. # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
560. #ldap_connection_timeout = 2000
561.  
562. # Disable the use of SIGAR for collecting system stats
563. #disable_sigar = false
564.  
565. # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
566. #dashboard_widget_default_cache_time = 10s
567.  
568. # Automatically load content packs in "content_packs_dir" on the first start of Graylog.
569. #content_packs_loader_enabled = true
570.  
571. # The directory which contains content packs which should be loaded on the first start of Graylog.
572. content_packs_dir = /usr/share/graylog-server/contentpacks
573.  
574. # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
575. # the first start of Graylog.
576. # Default: empty
577. content_packs_auto_load = grok-patterns.json