Current log:
2016-09-21T11:28:32.220-04:00 INFO [connection] Opened connection
[connectionId{localValue:6, serverValue:11}] to localhost:27017
2016-09-21T11:28:49.651-04:00 INFO [Server] SIGNAL received. Shutting down.
2016-09-21T11:28:49.653-04:00 INFO [GracefulShutdown] Graceful shutdown
initiated.
2016-09-21T11:28:49.654-04:00 INFO [GracefulShutdown] Node status:
[Halting?[LB:DEAD]]. Waiting <3sec> for possible load balancers to
recognize state change.
2016-09-21T11:28:53.656-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241bbf6bc790854fe5ec4>
[Syslog UDP].
2016-09-21T11:28:53.659-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241bbf6bc790854fe5ec4>
closed. Took [2ms]
2016-09-21T11:28:53.659-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.57324191f6bc790854fe5e94>
[Syslog UDP].
2016-09-21T11:28:53.660-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.57324191f6bc790854fe5e94>
closed. Took [0ms]
2016-09-21T11:28:53.660-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241e0f6bc790854fe5eef>
[Syslog UDP].
2016-09-21T11:28:53.662-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241e0f6bc790854fe5eef>
closed. Took [0ms]
2016-09-21T11:28:53.671-04:00 INFO [Buffers] Waiting until all buffers are
empty.
2016-09-21T11:28:53.672-04:00 INFO [Buffers] All buffers are empty.
Continuing.
2016-09-21T11:28:53.673-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] stopping ...
2016-09-21T11:28:53.673-04:00 INFO [OutputSetupService] Stopping output
org.graylog2.outputs.BlockingBatchedESOutput
2016-09-21T11:28:53.698-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.AlertScannerThread].
2016-09-21T11:28:53.698-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.AlertScannerThread] complete, took
<0ms>.
2016-09-21T11:28:53.699-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2016-09-21T11:28:53.702-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread]
complete, took <0ms>.
2016-09-21T11:28:53.702-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete,
took <0ms>.
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete,
took <0ms>.
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRetentionThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRetentionThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRotationThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRotationThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.VersionCheckThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.VersionCheckThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete,
took <0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.events.ClusterEventPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.events.ClusterEventPeriodical] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete,
took <0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete,
took <0ms>.
2016-09-21T11:28:53.707-04:00 INFO [GracefulShutdown] Goodbye.
2016-09-21T11:28:53.714-04:00 INFO [JerseyService] Shutting down HTTP
listener at <http://10.18.16.15:9000/api/>
2016-09-21T11:28:53.715-04:00 INFO [LogManager] Shutting down.
2016-09-21T11:28:53.720-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] stopped
2016-09-21T11:28:53.720-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] closing ...
2016-09-21T11:28:53.734-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] closed
2016-09-21T11:28:53.757-04:00 INFO [LogManager] Shutdown complete.
2016-09-21T11:28:53.759-04:00 INFO [JournalReader] Stopping.
2016-09-21T11:28:53.837-04:00 INFO [NetworkListener] Stopped listener
bound to [10.18.16.15:9000]
2016-09-21T11:28:58.116-04:00 WARN [PluginLoader] Plugin directory /plugin
does not exist, not loading plugins.
2016-09-21T11:28:58.459-04:00 INFO [CmdLineTool] Running with JVM
arguments: -Xms10g -Xmx14g -XX:NewRatio=1 -XX:+ResizeTLAB
-XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC
-XX:-OmitStackTraceInFastThrow
-Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml
-Djava.library.path=/usr/share/graylog-server/lib/sigar
-Dgraylog2.installation_source=deb
2016-09-21T11:29:03.159-04:00 INFO [InputBufferImpl] Message journal is
enabled.
2016-09-21T11:29:03.207-04:00 INFO [NodeId] Node ID:
ecdff2ab-d0a2-4ddb-975e-d2379fb3625d
2016-09-21T11:29:03.676-04:00 INFO [LogManager] Loading logs.
2016-09-21T11:29:03.897-04:00 INFO [LogManager] Logs loading complete.
2016-09-21T11:29:03.897-04:00 INFO [KafkaJournal] Initialized Kafka based
journal at /var/lib/graylog-server/journal
2016-09-21T11:29:03.957-04:00 INFO [InputBufferImpl] Initialized
InputBufferImpl with ring size <65536> and wait strategy
<BlockingWaitStrategy>, running 2 parallel message handlers.
2016-09-21T11:29:04.028-04:00 INFO [cluster] Cluster created with settings
{hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN,
serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2016-09-21T11:29:04.186-04:00 INFO [cluster] No server chosen by
ReadPreferenceServerSelector{readPreference=primary} from cluster
description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE,
serverDescriptions=[ServerDescription{address=localhost:27017,
type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2016-09-21T11:29:04.261-04:00 INFO [connection] Opened connection
[connectionId{localValue:1, serverValue:12}] to localhost:27017
2016-09-21T11:29:04.266-04:00 INFO [cluster] Monitor thread successfully
connected to server with description
ServerDescription{address=localhost:27017, type=STANDALONE,
state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 9]},
minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216,
roundTripTimeNanos=4120848}
2016-09-21T11:29:04.282-04:00 INFO [connection] Opened connection
[connectionId{localValue:2, serverValue:13}] to localhost:27017
2016-09-21T11:29:04.949-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] version[2.3.5], pid[1869],
build[90f439f/2016-07-27T10:36:52Z]
2016-09-21T11:29:04.949-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initializing ...
2016-09-21T11:29:04.965-04:00 INFO [plugins]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] modules [], plugins
[graylog-monitor], sites []
2016-09-21T11:29:08.444-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initialized
2016-09-21T11:29:08.628-04:00 INFO [Version] HV000001: Hibernate Validator
5.2.4.Final
2016-09-21T11:29:08.889-04:00 INFO [ProcessBuffer] Initialized
ProcessBuffer with ring size <65536> and wait strategy
<BlockingWaitStrategy>.
2016-09-21T11:29:12.637-04:00 INFO [RulesEngineProvider] No static rules
file loaded.
2016-09-21T11:29:12.807-04:00 INFO [OutputBuffer] Initialized OutputBuffer
with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2016-09-21T11:29:12.864-04:00 INFO [connection] Opened connection
[connectionId{localValue:3, serverValue:14}] to localhost:27017
2016-09-21T11:29:14.714-04:00 INFO [ServerBootstrap] Graylog server
2.1.1+01d50e5 starting up
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] JRE: Oracle
Corporation 1.8.0_101 on Linux 3.16.0-77-generic
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] Deployment: deb
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] OS: Ubuntu 14.04.5
LTS (trusty)
2016-09-21T11:29:14.716-04:00 INFO [ServerBootstrap] Arch: amd64
2016-09-21T11:29:14.726-04:00 WARN [DeadEventLoggingListener] Received
unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from
event bus <AsyncEventBus{graylog-eventbus}>
2016-09-21T11:29:14.804-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] starting ...
2016-09-21T11:29:14.802-04:00 INFO [PeriodicalsService] Starting 22
periodicals ...
2016-09-21T11:29:14.805-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling
every [1s].
2016-09-21T11:29:14.858-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling
every [60s].
2016-09-21T11:29:14.862-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical
in [0s], polling every [1s].
2016-09-21T11:29:14.864-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s],
polling every [20s].
2016-09-21T11:29:14.864-04:00 INFO [PeriodicalsService] Not starting
[org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not
configured to run on this node.
2016-09-21T11:29:14.864-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.GarbageCollectionWarningThread] periodical,
running forever.
2016-09-21T11:29:14.867-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s],
polling every [30s].
2016-09-21T11:29:14.869-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling
every [300s].
2016-09-21T11:29:14.873-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling
every [10s].
2016-09-21T11:29:14.875-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.NodePingThread] periodical in [0s], polling every
[1s].
2016-09-21T11:29:14.882-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling
every [1800s].
2016-09-21T11:29:14.882-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s],
polling every [1s].
2016-09-21T11:29:14.885-04:00 INFO [IndexerClusterCheckerThread] Indexer
not fully initialized yet. Skipping periodic cluster check.
2016-09-21T11:29:14.886-04:00 INFO [Periodicals] Starting
[org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling
every [1s].
2016-09-21T11:29:14.889-04:00 INFO [Periodicals] Starting
[org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s],
polling every [86400s].
2016-09-21T11:29:14.890-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running
forever.
2016-09-21T11:29:14.932-04:00 INFO [IndexRetentionThread] Elasticsearch
cluster not available, skipping index retention checks.
2016-09-21T11:29:14.967-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical,
running forever.
2016-09-21T11:29:14.971-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s],
polling every [3600s].
2016-09-21T11:29:14.989-04:00 INFO [connection] Opened connection
[connectionId{localValue:4, serverValue:15}] to localhost:27017
2016-09-21T11:29:15.065-04:00 INFO [PeriodicalsService] Not starting
[org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not
configured to run on this node.
2016-09-21T11:29:15.066-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical,
running forever.
2016-09-21T11:29:15.080-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ConfigurationManagementPeriodical] periodical,
running forever.
2016-09-21T11:29:15.083-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.LdapGroupMappingMigration] periodical, running
forever.
2016-09-21T11:29:15.094-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexFailuresPeriodical] periodical, running
forever.
2016-09-21T11:29:15.189-04:00 INFO [JerseyService] Enabling CORS for HTTP
endpoint
2016-09-21T11:29:15.478-04:00 INFO [transport]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] publish_address
{127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2016-09-21T11:29:15.536-04:00 INFO [discovery]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d]
graylog/-nxNF3TlRU2wbDWJ_wamDA
2016-09-21T11:29:18.547-04:00 WARN [discovery]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] waited for 3s and no initial
state was set by the discovery
2016-09-21T11:29:18.548-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] started
2016-09-21T11:29:18.812-04:00 INFO [service]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] detected_master
{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300}, added
{{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300},}, reason:
zen-disco-receive(from master
[{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300}])
2016-09-21T11:29:30.817-04:00 INFO [NetworkListener] Started listener
bound to [10.18.16.15:9000]
2016-09-21T11:29:30.819-04:00 INFO [HttpServer] [HttpServer] Started.
2016-09-21T11:29:30.829-04:00 INFO [JerseyService] Started REST API at
<http://10.18.16.15:9000/api/>
2016-09-21T11:29:30.829-04:00 INFO [JerseyService] Started Web Interface
at <http://10.18.16.15:9000/>
2016-09-21T11:29:30.832-04:00 INFO [ServerBootstrap] Services started,
startup times in ms: {OutputSetupService [RUNNING]=52,
BufferSynchronizerService [RUNNING]=59, KafkaJournal [RUNNING]=65,
InputSetupService [RUNNING]=220, PeriodicalsService [RUNNING]=361,
JournalReader [RUNNING]=446, IndexerSetupService [RUNNING]=4087,
JerseyService [RUNNING]=16053}
2016-09-21T11:29:30.836-04:00 INFO [ServiceManagerListener] Services are
healthy
2016-09-21T11:29:30.839-04:00 INFO [ServerBootstrap] Graylog server up and
running.
2016-09-21T11:29:30.839-04:00 INFO [InputSetupService] Triggering
launching persisted inputs, node transitioned from Uninitialized?[LB:DEAD]
to Running?[LB:ALIVE]
2016-09-21T11:29:30.912-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STARTING
2016-09-21T11:29:30.913-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STARTING
2016-09-21T11:29:30.914-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241e0f6bc790854fe5eef] is now STARTING
2016-09-21T11:29:30.955-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:29:30.957-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now RUNNING
2016-09-21T11:29:30.958-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Syslog UDP 1514,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
1048576 but is 212992.
2016-09-21T11:29:30.960-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241e0f6bc790854fe5eef] is now RUNNING
2016-09-21T11:29:30.961-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:29:30.964-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now RUNNING
2016-09-21T11:29:45.177-04:00 INFO [connection] Opened connection
[connectionId{localValue:5, serverValue:16}] to localhost:27017
2016-09-21T11:30:30.095-04:00 INFO [connection] Opened connection
[connectionId{localValue:6, serverValue:17}] to localhost:27017
2016-09-21T11:55:43.115-04:00 INFO [jvm]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][1587][7]
duration [746ms], collections [1]/[1.5s], total [746ms]/[2.8s], memory
[4.3gb]->[277.5mb]/[13.3gb], all_pools {[young]
[3.9gb]->[13.9mb]/[5.6gb]}{[survivor] [318.6mb]->[220.7mb]/[716.7mb]}{[old]
[0b]->[42.9mb]/[7gb]}
2016-09-21T11:56:37.077-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STOPPING
2016-09-21T11:56:37.080-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STOPPED
2016-09-21T11:56:37.081-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now TERMINATED
2016-09-21T11:57:13.895-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STOPPING
2016-09-21T11:57:13.898-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STOPPED
2016-09-21T11:57:13.899-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now TERMINATED
2016-09-21T11:57:13.904-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STARTING
2016-09-21T11:57:13.917-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:57:13.918-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now RUNNING
2016-09-21T11:57:31.913-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STARTING
2016-09-21T11:57:31.923-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:57:31.924-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now RUNNING
2016-09-21T12:04:12.613-04:00 INFO [ExtractorsResource] Deleted extractor
<da3446d1-2743-11e6-9222-005056b84bb9> of type [GROK] from input
<57324191f6bc790854fe5e94>.
2016-09-21T12:04:12.895-04:00 INFO [connection] Opened connection
[connectionId{localValue:9, serverValue:19}] to localhost:27017
2016-09-21T12:04:12.895-04:00 INFO [connection] Opened connection
[connectionId{localValue:10, serverValue:20}] to localhost:27017
2016-09-21T12:04:12.896-04:00 INFO [connection] Opened connection
[connectionId{localValue:8, serverValue:21}] to localhost:27017
2016-09-21T12:04:12.896-04:00 INFO [connection] Opened connection
[connectionId{localValue:7, serverValue:18}] to localhost:27017
On Wednesday, September 21, 2016 at 12:03:52 PM UTC-4, Chris Call wrote:
>
> These are syslog messages from Brocade switches.
>
> Output of sudo ngrep -d any port 1516
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> FORWARDING (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> BLOCKING (DOT1wTransition)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> DISABLED (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> FORWARDING (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> BLOCKING (DOT1wTransition)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> DISABLED (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B System: Interface ethernet 1/1/2,
> state down
>
> Here is my input:
>
>
> <https://lh3.googleusercontent.com/-xURrrBeHw6c/V-KvHsDbCLI/AAAAAAAAAJI/Ft71A67cALgX6A3vz9M-0eCEzuKJxgLMACLcB/s1600/Screen%2BShot%2B2016-09-21%2Bat%2B12.02.07%2BPM.png>
>
>
> It was working when I was on 2.0. Again I'm sure I'm doing something dumb.
>
>
>
> On Wednesday, September 21, 2016 at 11:53:45 AM UTC-4, Jochen Schalanda
> wrote:
>>
>> Hi Chris,
>>
>> what kind of clients are sending syslog messages into Graylog and how are
>> they formatted?
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 21 September 2016 17:34:45 UTC+2, Chris Call wrote:
>>>
>>> Thanks for the reply!
>>>
>>> I did not realize when I built the new VM I only gave it 1GB. Just
>>> increased it to 16 and added 10GB for Java with a max of 14GB. Now I can
>>> log in fine but no messages are appearing. I go to the inputs and click
>>> 'show received messages' on a syslog input running on port 1516 and it
>>> comes up with "Nothing found."
>>>
>>> When I run "sudo TCPDUMP 'port 1516'" I see messages coming in to the
>>> box. Any clues?
>>>
>>> Thanks again for your help!
>>>
>>>
>>>
>>> On Wednesday, September 21, 2016 at 10:09:53 AM UTC-4, Jochen Schalanda
>>> wrote:
>>>>
>>>> Hi Chris,
>>>>
>>>> what's the output of the following curl commands if you run it on the
>>>> machine your web browser is running on?
>>>>
>>>> curl -v -X GET http://10.18.16.15:9000/
>>>> curl -v -X GET -H 'Accept: application/json'
>>>> http://10.18.16.15:9000/api/
>>>>
>>>>
>>>> The long GC pauses (over 1 minute is really bad and unusual) are also
>>>> strange. Try giving Graylog more memory (currently it's 1 GB according to
>>>> the logs, try 2 GB), see
>>>> http://docs.graylog.org/en/2.1/pages/faq.html#raise-the-java-heap.
>>>>
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Wednesday, 21 September 2016 15:59:35 UTC+2, Chris Call wrote:
>>>>>
>>>>> I had a great experience with Graylog before version 2.0 but I started
>>>>> fresh with a 2.0 install and had issues (streams kept stopping) and then
>>>>> upgraded to 2.0.1 I believe and now finally to 2.1.
>>>>>
>>>>> Right now, I can't open the web interface when I browse to
>>>>> 10.18.16.15:9000 (IP address of the host). I get nothing in the
>>>>> browser. Chrome gives me this "The 10.18.16.15 page isn’t working.
>>>>> 10.18.16.15 didn’t send any data." and no errors or messages in the
>>>>> developer java console.
>>>>>
>>>>> This is a single system running everything for Graylog and here are my
>>>>> config files and output:
>>>>>
>>>>> etc/graylog/server/server.conf:
>>>>> is_master = true
>>>>> node_id_file = /etc/graylog/server/node-id
>>>>> password_secret = <secret>
>>>>> root_password_sha2 = <secret>
>>>>> root_email = <email>
>>>>> plugin_dir = plugin
>>>>> rest_listen_uri = http://10.18.16.15:9000/api/
>>>>> web_enable = true
>>>>> web_listen_uri = http://10.18.16.15:9000/
>>>>> rotation_strategy = count
>>>>> elasticsearch_max_docs_per_index = 20000000
>>>>> elasticsearch_max_number_of_indices = 20
>>>>> retention_strategy = delete
>>>>> elasticsearch_shards = 4
>>>>> elasticsearch_replicas = 0
>>>>> elasticsearch_index_prefix = graylog
>>>>> allow_leading_wildcard_searches = false
>>>>> allow_highlighting = false
>>>>> elasticsearch_analyzer = standard
>>>>> output_batch_size = 500
>>>>> output_flush_interval = 1
>>>>> output_fault_count_threshold = 5
>>>>> output_fault_penalty_seconds = 30
>>>>> processbuffer_processors = 5
>>>>> outputbuffer_processors = 3
>>>>> processor_wait_strategy = blocking
>>>>> ring_size = 65536
>>>>> inputbuffer_ring_size = 65536
>>>>> inputbuffer_processors = 2
>>>>> inputbuffer_wait_strategy = blocking
>>>>> message_journal_enabled = true
>>>>> message_journal_dir = /var/lib/graylog-server/journal
>>>>> lb_recognition_period_seconds = 3
>>>>> mongodb_uri = mongodb://localhost/graylog
>>>>> mongodb_max_connections = 1000
>>>>> mongodb_threads_allowed_to_block_multiplier = 5
>>>>> content_packs_loader_enabled = false
>>>>> content_packs_auto_load = grok-patterns.json
>>>>> proxied_requests_thread_pool_size = 32
>>>>>
>>>>>
>>>>> /etc/elasticsearch/elasticsearch.yml
>>>>> # ======================== Elasticsearch Configuration
>>>>> =========================
>>>>> cluster.name: graylog
>>>>>
>>>>> result of " curl -XGET '
>>>>> http://localhost:9200/_cluster/health?pretty=true' ":
>>>>> {
>>>>> "cluster_name" : "graylog",
>>>>> "status" : "green",
>>>>> "timed_out" : false,
>>>>> "number_of_nodes" : 1,
>>>>> "number_of_data_nodes" : 1,
>>>>> "active_primary_shards" : 20,
>>>>> "active_shards" : 20,
>>>>> "relocating_shards" : 0,
>>>>> "initializing_shards" : 0,
>>>>> "unassigned_shards" : 0,
>>>>> "delayed_unassigned_shards" : 0,
>>>>> "number_of_pending_tasks" : 0,
>>>>> "number_of_in_flight_fetch" : 0,
>>>>> "task_max_waiting_in_queue_millis" : 0,
>>>>> "active_shards_percent_as_number" : 100.0
>>>>> }
>>>>>
>>>>> /var/log/graylog-server/server.log:
>>>>> 2016-09-21T09:41:42.573-04:00 WARN [PluginLoader] Plugin directory
>>>>> /plugin does not exist, not loading plugins.
>>>>> 2016-09-21T09:41:43.030-04:00 INFO [CmdLineTool] Running with JVM
>>>>> arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB
>>>>> -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled
>>>>> -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC
>>>>> -XX:-OmitStackTraceInFastThrow
>>>>> -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml
>>>>> -Djava.library.path=/usr/share/graylog-server/lib/sigar
>>>>> -Dgraylog2.installation_source=deb
>>>>> 2016-09-21T09:41:47.611-04:00 INFO [InputBufferImpl] Message journal
>>>>> is enabled.
>>>>> 2016-09-21T09:41:47.678-04:00 INFO [NodeId] Node ID:
>>>>> ecdff2ab-d0a2-4ddb-975e-d2379fb3625d
>>>>> 2016-09-21T09:41:48.054-04:00 INFO [LogManager] Loading logs.
>>>>> 2016-09-21T09:41:48.184-04:00 WARN [Log] Found a corrupted index
>>>>> file,
>>>>> /var/lib/graylog-server/journal/messagejournal-0/00000000000167286888.index,
>>>>>
>>>>> deleting and rebuilding index...
>>>>> 2016-09-21T09:41:49.740-04:00 INFO [LogManager] Logs loading complete.
>>>>> 2016-09-21T09:41:49.740-04:00 INFO [KafkaJournal] Initialized Kafka
>>>>> based journal at /var/lib/graylog-server/journal
>>>>> 2016-09-21T09:41:49.779-04:00 INFO [InputBufferImpl] Initialized
>>>>> InputBufferImpl with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>, running 2 parallel message handlers.
>>>>> 2016-09-21T09:41:49.825-04:00 INFO [cluster] Cluster created with
>>>>> settings {hosts=[localhost:27017], mode=SINGLE,
>>>>> requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms',
>>>>> maxWaitQueueSize=5000}
>>>>> 2016-09-21T09:41:49.946-04:00 INFO [cluster] No server chosen by
>>>>> ReadPreferenceServerSelector{readPreference=primary} from cluster
>>>>> description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE,
>>>>> serverDescriptions=[ServerDescription{address=localhost:27017,
>>>>> type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
>>>>> 2016-09-21T09:41:50.002-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:1, serverValue:78}] to localhost:27017
>>>>> 2016-09-21T09:41:50.007-04:00 INFO [cluster] Monitor thread
>>>>> successfully connected to server with description
>>>>> ServerDescription{address=localhost:27017, type=STANDALONE,
>>>>> state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 9]},
>>>>> minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216,
>>>>> roundTripTimeNanos=3105180}
>>>>> 2016-09-21T09:41:50.028-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:2, serverValue:79}] to localhost:27017
>>>>> 2016-09-21T09:41:50.737-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] version[2.3.5], pid[3698],
>>>>> build[90f439f/2016-07-27T10:36:52Z]
>>>>> 2016-09-21T09:41:50.741-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initializing ...
>>>>> 2016-09-21T09:41:50.751-04:00 INFO [plugins]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] modules [], plugins
>>>>> [graylog-monitor], sites []
>>>>> 2016-09-21T09:41:54.439-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initialized
>>>>> 2016-09-21T09:41:54.726-04:00 INFO [Version] HV000001: Hibernate
>>>>> Validator 5.2.4.Final
>>>>> 2016-09-21T09:41:55.085-04:00 INFO [ProcessBuffer] Initialized
>>>>> ProcessBuffer with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>.
>>>>> 2016-09-21T09:41:58.911-04:00 INFO [RulesEngineProvider] No static
>>>>> rules file loaded.
>>>>> 2016-09-21T09:41:59.117-04:00 INFO [OutputBuffer] Initialized
>>>>> OutputBuffer with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>.
>>>>> 2016-09-21T09:42:01.395-04:00 INFO [ServerBootstrap] Graylog server
>>>>> 2.1.1+01d50e5 starting up
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] JRE: Oracle
>>>>> Corporation 1.8.0_101 on Linux 3.16.0-77-generic
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] Deployment: deb
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] OS: Ubuntu
>>>>> 14.04.5 LTS (trusty)
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] Arch: amd64
>>>>> 2016-09-21T09:42:01.409-04:00 WARN [DeadEventLoggingListener]
>>>>> Received unhandled event of type
>>>>> <org.graylog2.plugin.lifecycles.Lifecycle>
>>>>> from event bus <AsyncEventBus{graylog-eventbus}>
>>>>> 2016-09-21T09:42:01.539-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] starting ...
>>>>> 2016-09-21T09:42:01.537-04:00 INFO [PeriodicalsService] Starting 22
>>>>> periodicals ...
>>>>> 2016-09-21T09:42:01.549-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ThroughputCalculator] periodical in [0s],
>>>>> polling
>>>>> every [1s].
>>>>> 2016-09-21T09:42:01.556-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling
>>>>> every [60s].
>>>>> 2016-09-21T09:42:01.559-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread]
>>>>> periodical
>>>>> in [0s], polling every [1s].
>>>>> 2016-09-21T09:42:01.560-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s],
>>>>> polling every [20s].
>>>>> 2016-09-21T09:42:01.560-04:00 INFO [PeriodicalsService] Not starting
>>>>> [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not
>>>>> configured to run on this node.
>>>>> 2016-09-21T09:42:01.561-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.GarbageCollectionWarningThread] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.562-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s],
>>>>> polling every [30s].
>>>>> 2016-09-21T09:42:01.565-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRetentionThread] periodical in [0s],
>>>>> polling
>>>>> every [300s].
>>>>> 2016-09-21T09:42:01.566-04:00 INFO [IndexRetentionThread]
>>>>> Elasticsearch cluster not available, skipping index retention checks.
>>>>> 2016-09-21T09:42:01.571-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling
>>>>> every [10s].
>>>>> 2016-09-21T09:42:01.571-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.NodePingThread] periodical in [0s], polling
>>>>> every
>>>>> [1s].
>>>>> 2016-09-21T09:42:01.572-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.VersionCheckThread] periodical in [300s],
>>>>> polling
>>>>> every [1800s].
>>>>> 2016-09-21T09:42:01.573-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s],
>>>>> polling every [1s].
>>>>> 2016-09-21T09:42:01.573-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling
>>>>> every [1s].
>>>>> 2016-09-21T09:42:01.574-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s],
>>>>> polling every [86400s].
>>>>> 2016-09-21T09:42:01.574-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical,
>>>>> running
>>>>> forever.
>>>>> 2016-09-21T09:42:01.575-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.575-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in
>>>>> [15s],
>>>>> polling every [3600s].
>>>>> 2016-09-21T09:42:01.615-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:3, serverValue:80}] to localhost:27017
>>>>> 2016-09-21T09:42:01.633-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:5, serverValue:82}] to localhost:27017
>>>>> 2016-09-21T09:42:01.634-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:4, serverValue:81}] to localhost:27017
>>>>> 2016-09-21T09:42:01.642-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:6, serverValue:83}] to localhost:27017
>>>>> 2016-09-21T09:42:01.654-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:7, serverValue:84}] to localhost:27017
>>>>> 2016-09-21T09:42:01.674-04:00 INFO [IndexerClusterCheckerThread]
>>>>> Indexer not fully initialized yet. Skipping periodic cluster check.
>>>>> 2016-09-21T09:42:01.747-04:00 INFO [PeriodicalsService] Not starting
>>>>> [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical.
>>>>> Not
>>>>> configured to run on this node.
>>>>> 2016-09-21T09:42:01.747-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.752-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.763-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running
>>>>> forever.
>>>>> 2016-09-21T09:42:01.782-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running
>>>>> forever.
>>>>> 2016-09-21T09:42:02.449-04:00 INFO [JerseyService] Enabling CORS for
>>>>> HTTP endpoint
>>>>> 2016-09-21T09:42:02.503-04:00 INFO [transport]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] publish_address {
>>>>> 127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
>>>>> 2016-09-21T09:42:02.529-04:00 INFO [discovery]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d]
>>>>> graylog/LSqj-br4QV2viKzC5-4cjA
>>>>> 2016-09-21T09:42:05.544-04:00 WARN [discovery]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] waited for 3s and no
>>>>> initial
>>>>> state was set by the discovery
>>>>> 2016-09-21T09:42:05.544-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] started
>>>>> 2016-09-21T09:42:06.919-04:00 INFO [service]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] detected_master
>>>>> {Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300}, added
>>>>> {{Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300},},
>>>>> reason: zen-disco-receive(from master
>>>>> [{Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300}])
>>>>> 2016-09-21T09:42:20.153-04:00 INFO [NetworkListener] Started listener
>>>>> bound to [10.18.16.15:9000]
>>>>> 2016-09-21T09:42:20.171-04:00 INFO [HttpServer] [HttpServer] Started.
>>>>> 2016-09-21T09:42:20.177-04:00 INFO [JerseyService] Started REST API
>>>>> at <http://10.18.16.15:9000/api/>
>>>>> 2016-09-21T09:42:20.177-04:00 INFO [JerseyService] Started Web
>>>>> Interface at <http://10.18.16.15:9000/>
>>>>> 2016-09-21T09:42:20.178-04:00 INFO [ServiceManagerListener] Services
>>>>> are healthy
>>>>> 2016-09-21T09:42:20.194-04:00 INFO [ServerBootstrap] Services
>>>>> started, startup times in ms: {OutputSetupService [RUNNING]=15,
>>>>> BufferSynchronizerService [RUNNING]=17, KafkaJournal [RUNNING]=58,
>>>>> InputSetupService [RUNNING]=81, JournalReader [RUNNING]=82,
>>>>> PeriodicalsService [RUNNING]=271, IndexerSetupService [RUNNING]=5681,
>>>>> JerseyService [RUNNING]=18654}
>>>>> 2016-09-21T09:42:20.193-04:00 INFO [InputSetupService] Triggering
>>>>> launching persisted inputs, node transitioned from
>>>>> Uninitialized?[LB:DEAD]
>>>>> to Running?[LB:ALIVE]
>>>>> 2016-09-21T09:42:20.261-04:00 INFO [ServerBootstrap] Graylog server
>>>>> up and running.
>>>>> 2016-09-21T09:42:20.299-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241bbf6bc790854fe5ec4] is now STARTING
>>>>> 2016-09-21T09:42:20.301-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/57324191f6bc790854fe5e94] is now STARTING
>>>>> 2016-09-21T09:42:20.303-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241e0f6bc790854fe5eef] is now STARTING
>>>>> 2016-09-21T09:42:20.461-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 262144 but is 212992.
>>>>> 2016-09-21T09:42:20.463-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 262144 but is 212992.
>>>>> 2016-09-21T09:42:20.461-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Syslog UDP 1514,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 1048576 but is 212992.
>>>>> 2016-09-21T09:42:20.464-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241bbf6bc790854fe5ec4] is now RUNNING
>>>>> 2016-09-21T09:42:20.465-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/57324191f6bc790854fe5e94] is now RUNNING
>>>>> 2016-09-21T09:42:20.466-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241e0f6bc790854fe5eef] is now RUNNING
>>>>> 2016-09-21T09:42:30.533-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][25][4]
>>>>> duration
>>>>> [3.7s], collections [1]/[4.4s], total [3.7s]/[4.6s], memory
>>>>> [477.5mb]->[154.3mb]/[972.8mb], all_pools {[young]
>>>>> [387.6mb]->[20.7mb]/[409.6mb]}{[survivor]
>>>>> [49.6mb]->[51.1mb]/[51.1mb]}{[old] [40.3mb]->[94.3mb]/[512mb]}
>>>>> 2016-09-21T09:42:41.544-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][30][5]
>>>>> duration
>>>>> [6s], collections [1]/[6.8s], total [6s]/[10.7s], memory
>>>>> [506.7mb]->[210.4mb]/[972.8mb], all_pools {[young]
>>>>> [361.2mb]->[19.1mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [94.3mb]->[140.1mb]/[512mb]}
>>>>> 2016-09-21T09:43:02.982-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][35][6]
>>>>> duration
>>>>> [15.4s], collections [1]/[16.6s], total [15.4s]/[26.1s], memory
>>>>> [566.6mb]->[274.8mb]/[972.8mb], all_pools {[young]
>>>>> [375.2mb]->[13.3mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [140.1mb]->[210.7mb]/[512mb]}
>>>>> 2016-09-21T09:44:13.861-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][48][7]
>>>>> duration
>>>>> [55.9s], collections [1]/[58.2s], total [55.9s]/[1.3m], memory
>>>>> [668.5mb]->[342.8mb]/[972.8mb], all_pools {[young]
>>>>> [406.6mb]->[24.1mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [210.7mb]->[269.2mb]/[512mb]}
>>>>> 2016-09-21T09:45:53.548-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][71][8]
>>>>> duration
>>>>> [1.2m], collections [1]/[1.2m], total [1.2m]/[2.6m], memory
>>>>> [724.3mb]->[379.1mb]/[972.8mb], all_pools {[young]
>>>>> [403.9mb]->[9.3mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old]
>>>>> [269.2mb]->[319.9mb]/[512mb]}
>>>>>
>>>>>
>>>>>
>>>>> I really don't care about historical data so I'm willing to start
>>>>> fresh with a new install of 2.1. I just want my performance back from
>>>>> Graylog2 (version 1).
>>>>>
>>>>> Any help is greatly appreciated!
>>>>>
>>>>> Chris
>>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/abb9bff7-2805-49f6-87ef-98ad43e53177%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
