Running a home lab is nice, but having some control is even better.
And by control, I mean logging.
After setting up a Palo Alto firewall in my home setup, I really needed somewhere to ship the logs. I tried Splunk, but the free version is just missing too much. So I started googling for alternatives, and that is how I found Graylog.
It is pretty simple to set up, has a lot of features in the free version (I'm not missing anything yet) and has really good documentation.
At the moment I'm sending logs from the firewall, a web server, an SSH gateway and my Pi-hole DNS server. I've only used syslog and Filebeat, but more are supported.
I need to normalize the logs more, but it's fun to set up notifications and create dashboards. And understanding logs is important in most tech jobs, especially InfoSec.