The Apollo collector allows our support customers to easily submit bundles of information to the Graylog team. This way we can streamline support and dig deep into metrics without having to request more and more information via email or phone.
- The machine you run Apollo from must be able to reach the REST APIs of all
graylog-server
instances in your Graylog cluster. If you are unsure we recommend not to run it from your workstation but from the machine yourgraylog-server
master is running on. - You must run Apollo with a Graylog admin user. This can either be the built-in administrator user or a custom user with the
administrator
ruleset applied. The bundle extraction will fail if you run it with areader
user. - The information collected is usually not containing any sensitive information and never any messages you sent into Graylog. We will however be able to see stream and extractor names. Handling of the bundles falls under the support contract conditions and will thus never be shared and stored securely. You can look at the source code or unzip the generated bundle if you want to make sure.
- You only need to provide the REST API URL of one
graylog-server
instance. Apollo will auto-discover the othergraylog-server
instances in the cluster. - Future version will allow an automatic transmission of the bundle to us.
- Get the current latest release of apollo for your OS
- Download the binary:
curl -OL https://github.com/Graylog2/apollo/releases/download/0.5/apollo_linux_386
- Make the binary executable:
chmod +x apollo_linux_386
- Run the binary (replace username, password and hostname of
graylog-server
instance):./apollo_linux_386 -user hans -password secret -url http://graylog.example.org:9000/api
- Send us the generated
.ZIP
bundle file via email. (Located in same folder from where you executed Apollo. Called something likegraylog_apollo_bundle-2015-09-23T22-05-54.zip
)
- Download the binary:
curl -OL https://github.com/Graylog2/apollo/releases/download/0.5/apollo_osx_386
- Make the binary executable:
chmod +x apollo_osx_386
- Run the binary (replace username, password and hostname of
graylog-server
instance):./apollo_osx_386 -user hans -password secret -url http://graylog.example.org:9000/api
- Send us the generated
.ZIP
bundle file via email. (Located in same folder from where you executed Apollo. Called something likegraylog_apollo_bundle-2015-09-23T22-05-54.zip
)
- Download the binary from the Releases.
- Run the binary (replace username, password and hostname of
graylog-server
instance):c:\apollo_windows_386.exe -user hans -password secret -url http://graylog.example.org:9000/api
- Send us the generated
.ZIP
bundle file via email. (Located in same folder from where you executed Apollo. Called something likegraylog_apollo_bundle-2015-09-23T22-05-54.zip
)
The run of apollo and the output looks similar to the following:
./apollo_linux_386 -user admin -password <password> -url http://graylog-web-interface:9000
2017/10/20 08:39:51.515719 apollo.go:70: Starting up.
2017/10/20 08:39:51.517787 apollo.go:209: Successfully read 1988 bytes [system/cluster/nodes].
2017/10/20 08:39:51.517826 apollo.go:247: invalid character '<' looking for beginning of value
Make sure to use a graylog-server
REST API URL (Default to graylog-web-interface/api) and not the URL of a graylog-web-interface
as -url
parameter.
Make sure to use a graylog-server
REST API URL (Default to graylog-web-interface/api) and not the URL of a graylog-web-interface
as -url
parameter.
Make sure to use a user with administrator permissions in the -user
and -password
parameters of Apollo.
The information collected is usually not containing any sensitive information and never any messages stored in Graylog. We will however be able to see stream and extractor names. Handling of the bundles falls under the support contract conditions and will thus never be shared and stored securely. You can look at the source code or unzip the generated bundle if you want to make sure.
Only Graylog employees will be able to see data from the bundles.