Graylog

One MCP Server to Rule Them All: Unifying 9 Homelab Services

The Problem: Six Interfaces for One Question

“Is anything broken in my homelab?” Answering that question used to mean:

- SSH into Proxmox to check guest status.
- Curl the Pi-hole API for DNS health.
- Open Grafana to scan Prometheus alerts.
- Check Graylog for error spikes.
- Look at Semaphore for failed automation runs.
- Glance at Caddy logs for 502s.

Observability

Visibility into 50+ services requires centralized logging, proactive alerting, and dashboards. This wiki covers my monitoring stack and the patterns that make it work.

Monitoring Stack

Graylog Centralized Logging

Graylog is my log aggregation platform—collecting, processing, and visualizing logs from across the homelab.

Building a Homelab XDR: Wazuh, Graylog, and Monitoring AI Agents

Why an XDR in a Homelab?

When I first started building out my homelab infrastructure, I fell into the same trap that catches most homelab enthusiasts: I assumed that being behind a firewall made me safe. After all, I wasn’t running a Fortune 500 network. I had VLANs, I had a next-generation firewall doing deep packet inspection, and I kept my systems patched. What more did I need?

Deploying Wazuh XDR with Graylog Integration

The Challenge

I needed a unified security monitoring solution that could:

- Provide endpoint detection and response (XDR) capabilities
- Integrate with my existing Graylog centralized logging infrastructure
- Scale from a single-node deployment to multi-node if needed
- Work with my existing OpenClaw threat intelligence feeds

The Solution

Wazuh Single-Node Stack

Deployed Wazuh as a Docker-based single-node stack. The single-node architecture includes:

Graylog JVM Heap Optimization

What Changed

Pinned Graylog’s JVM heap to 1GB by adding explicit GRAYLOG_SERVER_JAVA_OPTS to docker-compose.yml:

    GRAYLOG_SERVER_JAVA_OPTS: "-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+UseG1GC"

Why

Noticed high memory usage on the Graylog VM. JVM ergonomics was auto-allocating ~2GB for Graylog, leaving insufficient RAM for OS filesystem cache. OpenSearch query performance suffers without cache headroom.

Graylog Upgrade to 7.0.3 + MongoDB 7.0

What Changed

Upgraded the Graylog logging stack:

- Graylog: 6.x → 7.0.3
- MongoDB: 6.x → 7.0

Why

Graylog 7 brings improved dashboard performance, better pipeline rule debugging, and an updated API. MongoDB 7.0 is the new LTS release with better aggregation performance.

Details

- Service: Graylog (Log-Server VM)
- Method: Updated version tags in docker-compose.yml, deployed via Portainer
- Downtime: ~5 minutes during container recreation

Key changes in Graylog 7: