Current log:
2016-09-21T11:28:32.220-04:00 INFO [connection] Opened connection
[connectionId{localValue:6, serverValue:11}] to localhost:27017
2016-09-21T11:28:49.651-04:00 INFO [Server] SIGNAL received. Shutting down.
2016-09-21T11:28:49.653-04:00 INFO [GracefulShutdown] Graceful shutdown
initiated.
2016-09-21T11:28:49.654-04:00 INFO [GracefulShutdown] Node status:
[Halting?[LB:DEAD]]. Waiting <3sec> for possible load balancers to
recognize state change.
2016-09-21T11:28:53.656-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241bbf6bc790854fe5ec4>
[Syslog UDP].
2016-09-21T11:28:53.659-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241bbf6bc790854fe5ec4>
closed. Took [2ms]
2016-09-21T11:28:53.659-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.57324191f6bc790854fe5e94>
[Syslog UDP].
2016-09-21T11:28:53.660-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.57324191f6bc790854fe5e94>
closed. Took [0ms]
2016-09-21T11:28:53.660-04:00 INFO [InputSetupService] Attempting to close
input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241e0f6bc790854fe5eef>
[Syslog UDP].
2016-09-21T11:28:53.662-04:00 INFO [InputSetupService] Input
<org.graylog2.inputs.syslog.udp.SyslogUDPInput.573241e0f6bc790854fe5eef>
closed. Took [0ms]
2016-09-21T11:28:53.671-04:00 INFO [Buffers] Waiting until all buffers are
empty.
2016-09-21T11:28:53.672-04:00 INFO [Buffers] All buffers are empty.
Continuing.
2016-09-21T11:28:53.673-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] stopping ...
2016-09-21T11:28:53.673-04:00 INFO [OutputSetupService] Stopping output
org.graylog2.outputs.BlockingBatchedESOutput
2016-09-21T11:28:53.698-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.AlertScannerThread].
2016-09-21T11:28:53.698-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.AlertScannerThread] complete, took
<0ms>.
2016-09-21T11:28:53.699-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2016-09-21T11:28:53.702-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread]
complete, took <0ms>.
2016-09-21T11:28:53.702-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete,
took <0ms>.
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete,
took <0ms>.
2016-09-21T11:28:53.705-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRetentionThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRetentionThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRotationThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRotationThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.VersionCheckThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.VersionCheckThread] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete,
took <0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.events.ClusterEventPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.events.ClusterEventPeriodical] complete, took
<0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete,
took <0ms>.
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutting down
periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2016-09-21T11:28:53.706-04:00 INFO [PeriodicalsService] Shutdown of
periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete,
took <0ms>.
2016-09-21T11:28:53.707-04:00 INFO [GracefulShutdown] Goodbye.
2016-09-21T11:28:53.714-04:00 INFO [JerseyService] Shutting down HTTP
listener at <http://10.18.16.15:9000/api/>
2016-09-21T11:28:53.715-04:00 INFO [LogManager] Shutting down.
2016-09-21T11:28:53.720-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] stopped
2016-09-21T11:28:53.720-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] closing ...
2016-09-21T11:28:53.734-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] closed
2016-09-21T11:28:53.757-04:00 INFO [LogManager] Shutdown complete.
2016-09-21T11:28:53.759-04:00 INFO [JournalReader] Stopping.
2016-09-21T11:28:53.837-04:00 INFO [NetworkListener] Stopped listener
bound to [10.18.16.15:9000]
2016-09-21T11:28:58.116-04:00 WARN [PluginLoader] Plugin directory /plugin
does not exist, not loading plugins.
2016-09-21T11:28:58.459-04:00 INFO [CmdLineTool] Running with JVM
arguments: -Xms10g -Xmx14g -XX:NewRatio=1 -XX:+ResizeTLAB
-XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC
-XX:-OmitStackTraceInFastThrow
-Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml
-Djava.library.path=/usr/share/graylog-server/lib/sigar
-Dgraylog2.installation_source=deb
2016-09-21T11:29:03.159-04:00 INFO [InputBufferImpl] Message journal is
enabled.
2016-09-21T11:29:03.207-04:00 INFO [NodeId] Node ID:
ecdff2ab-d0a2-4ddb-975e-d2379fb3625d
2016-09-21T11:29:03.676-04:00 INFO [LogManager] Loading logs.
2016-09-21T11:29:03.897-04:00 INFO [LogManager] Logs loading complete.
2016-09-21T11:29:03.897-04:00 INFO [KafkaJournal] Initialized Kafka based
journal at /var/lib/graylog-server/journal
2016-09-21T11:29:03.957-04:00 INFO [InputBufferImpl] Initialized
InputBufferImpl with ring size <65536> and wait strategy
<BlockingWaitStrategy>, running 2 parallel message handlers.
2016-09-21T11:29:04.028-04:00 INFO [cluster] Cluster created with settings
{hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN,
serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2016-09-21T11:29:04.186-04:00 INFO [cluster] No server chosen by
ReadPreferenceServerSelector{readPreference=primary} from cluster
description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE,
serverDescriptions=[ServerDescription{address=localhost:27017,
type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2016-09-21T11:29:04.261-04:00 INFO [connection] Opened connection
[connectionId{localValue:1, serverValue:12}] to localhost:27017
2016-09-21T11:29:04.266-04:00 INFO [cluster] Monitor thread successfully
connected to server with description
ServerDescription{address=localhost:27017, type=STANDALONE,
state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 9]},
minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216,
roundTripTimeNanos=4120848}
2016-09-21T11:29:04.282-04:00 INFO [connection] Opened connection
[connectionId{localValue:2, serverValue:13}] to localhost:27017
2016-09-21T11:29:04.949-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] version[2.3.5], pid[1869],
build[90f439f/2016-07-27T10:36:52Z]
2016-09-21T11:29:04.949-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initializing ...
2016-09-21T11:29:04.965-04:00 INFO [plugins]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] modules [], plugins
[graylog-monitor], sites []
2016-09-21T11:29:08.444-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initialized
2016-09-21T11:29:08.628-04:00 INFO [Version] HV000001: Hibernate Validator
5.2.4.Final
2016-09-21T11:29:08.889-04:00 INFO [ProcessBuffer] Initialized
ProcessBuffer with ring size <65536> and wait strategy
<BlockingWaitStrategy>.
2016-09-21T11:29:12.637-04:00 INFO [RulesEngineProvider] No static rules
file loaded.
2016-09-21T11:29:12.807-04:00 INFO [OutputBuffer] Initialized OutputBuffer
with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2016-09-21T11:29:12.864-04:00 INFO [connection] Opened connection
[connectionId{localValue:3, serverValue:14}] to localhost:27017
2016-09-21T11:29:14.714-04:00 INFO [ServerBootstrap] Graylog server
2.1.1+01d50e5 starting up
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] JRE: Oracle
Corporation 1.8.0_101 on Linux 3.16.0-77-generic
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] Deployment: deb
2016-09-21T11:29:14.715-04:00 INFO [ServerBootstrap] OS: Ubuntu 14.04.5
LTS (trusty)
2016-09-21T11:29:14.716-04:00 INFO [ServerBootstrap] Arch: amd64
2016-09-21T11:29:14.726-04:00 WARN [DeadEventLoggingListener] Received
unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from
event bus <AsyncEventBus{graylog-eventbus}>
2016-09-21T11:29:14.804-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] starting ...
2016-09-21T11:29:14.802-04:00 INFO [PeriodicalsService] Starting 22
periodicals ...
2016-09-21T11:29:14.805-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling
every [1s].
2016-09-21T11:29:14.858-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling
every [60s].
2016-09-21T11:29:14.862-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical
in [0s], polling every [1s].
2016-09-21T11:29:14.864-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s],
polling every [20s].
2016-09-21T11:29:14.864-04:00 INFO [PeriodicalsService] Not starting
[org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not
configured to run on this node.
2016-09-21T11:29:14.864-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.GarbageCollectionWarningThread] periodical,
running forever.
2016-09-21T11:29:14.867-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s],
polling every [30s].
2016-09-21T11:29:14.869-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling
every [300s].
2016-09-21T11:29:14.873-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling
every [10s].
2016-09-21T11:29:14.875-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.NodePingThread] periodical in [0s], polling every
[1s].
2016-09-21T11:29:14.882-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling
every [1800s].
2016-09-21T11:29:14.882-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s],
polling every [1s].
2016-09-21T11:29:14.885-04:00 INFO [IndexerClusterCheckerThread] Indexer
not fully initialized yet. Skipping periodic cluster check.
2016-09-21T11:29:14.886-04:00 INFO [Periodicals] Starting
[org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling
every [1s].
2016-09-21T11:29:14.889-04:00 INFO [Periodicals] Starting
[org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s],
polling every [86400s].
2016-09-21T11:29:14.890-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running
forever.
2016-09-21T11:29:14.932-04:00 INFO [IndexRetentionThread] Elasticsearch
cluster not available, skipping index retention checks.
2016-09-21T11:29:14.967-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical,
running forever.
2016-09-21T11:29:14.971-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s],
polling every [3600s].
2016-09-21T11:29:14.989-04:00 INFO [connection] Opened connection
[connectionId{localValue:4, serverValue:15}] to localhost:27017
2016-09-21T11:29:15.065-04:00 INFO [PeriodicalsService] Not starting
[org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not
configured to run on this node.
2016-09-21T11:29:15.066-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical,
running forever.
2016-09-21T11:29:15.080-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.ConfigurationManagementPeriodical] periodical,
running forever.
2016-09-21T11:29:15.083-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.LdapGroupMappingMigration] periodical, running
forever.
2016-09-21T11:29:15.094-04:00 INFO [Periodicals] Starting
[org.graylog2.periodical.IndexFailuresPeriodical] periodical, running
forever.
2016-09-21T11:29:15.189-04:00 INFO [JerseyService] Enabling CORS for HTTP
endpoint
2016-09-21T11:29:15.478-04:00 INFO [transport]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] publish_address
{127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2016-09-21T11:29:15.536-04:00 INFO [discovery]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d]
graylog/-nxNF3TlRU2wbDWJ_wamDA
2016-09-21T11:29:18.547-04:00 WARN [discovery]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] waited for 3s and no initial
state was set by the discovery
2016-09-21T11:29:18.548-04:00 INFO [node]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] started
2016-09-21T11:29:18.812-04:00 INFO [service]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] detected_master
{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300}, added
{{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300},}, reason:
zen-disco-receive(from master
[{Spider-Ham}{ULG5xA3STjWERgzKBdH2sA}{127.0.0.1}{127.0.0.1:9300}])
2016-09-21T11:29:30.817-04:00 INFO [NetworkListener] Started listener
bound to [10.18.16.15:9000]
2016-09-21T11:29:30.819-04:00 INFO [HttpServer] [HttpServer] Started.
2016-09-21T11:29:30.829-04:00 INFO [JerseyService] Started REST API at
<http://10.18.16.15:9000/api/>
2016-09-21T11:29:30.829-04:00 INFO [JerseyService] Started Web Interface
at <http://10.18.16.15:9000/>
2016-09-21T11:29:30.832-04:00 INFO [ServerBootstrap] Services started,
startup times in ms: {OutputSetupService [RUNNING]=52,
BufferSynchronizerService [RUNNING]=59, KafkaJournal [RUNNING]=65,
InputSetupService [RUNNING]=220, PeriodicalsService [RUNNING]=361,
JournalReader [RUNNING]=446, IndexerSetupService [RUNNING]=4087,
JerseyService [RUNNING]=16053}
2016-09-21T11:29:30.836-04:00 INFO [ServiceManagerListener] Services are
healthy
2016-09-21T11:29:30.839-04:00 INFO [ServerBootstrap] Graylog server up and
running.
2016-09-21T11:29:30.839-04:00 INFO [InputSetupService] Triggering
launching persisted inputs, node transitioned from Uninitialized?[LB:DEAD]
to Running?[LB:ALIVE]
2016-09-21T11:29:30.912-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STARTING
2016-09-21T11:29:30.913-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STARTING
2016-09-21T11:29:30.914-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241e0f6bc790854fe5eef] is now STARTING
2016-09-21T11:29:30.955-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:29:30.957-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now RUNNING
2016-09-21T11:29:30.958-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Syslog UDP 1514,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
1048576 but is 212992.
2016-09-21T11:29:30.960-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241e0f6bc790854fe5eef] is now RUNNING
2016-09-21T11:29:30.961-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:29:30.964-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now RUNNING
2016-09-21T11:29:45.177-04:00 INFO [connection] Opened connection
[connectionId{localValue:5, serverValue:16}] to localhost:27017
2016-09-21T11:30:30.095-04:00 INFO [connection] Opened connection
[connectionId{localValue:6, serverValue:17}] to localhost:27017
2016-09-21T11:55:43.115-04:00 INFO [jvm]
[graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][1587][7]
duration [746ms], collections [1]/[1.5s], total [746ms]/[2.8s], memory
[4.3gb]->[277.5mb]/[13.3gb], all_pools {[young]
[3.9gb]->[13.9mb]/[5.6gb]}{[survivor] [318.6mb]->[220.7mb]/[716.7mb]}{[old]
[0b]->[42.9mb]/[7gb]}
2016-09-21T11:56:37.077-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STOPPING
2016-09-21T11:56:37.080-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STOPPED
2016-09-21T11:56:37.081-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now TERMINATED
2016-09-21T11:57:13.895-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STOPPING
2016-09-21T11:57:13.898-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STOPPED
2016-09-21T11:57:13.899-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now TERMINATED
2016-09-21T11:57:13.904-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now STARTING
2016-09-21T11:57:13.917-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:57:13.918-04:00 INFO [InputStateListener] Input [Syslog
UDP/573241bbf6bc790854fe5ec4] is now RUNNING
2016-09-21T11:57:31.913-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now STARTING
2016-09-21T11:57:31.923-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
2016-09-21T11:57:31.924-04:00 INFO [InputStateListener] Input [Syslog
UDP/57324191f6bc790854fe5e94] is now RUNNING
2016-09-21T12:04:12.613-04:00 INFO [ExtractorsResource] Deleted extractor
<da3446d1-2743-11e6-9222-005056b84bb9> of type [GROK] from input
<57324191f6bc790854fe5e94>.
2016-09-21T12:04:12.895-04:00 INFO [connection] Opened connection
[connectionId{localValue:9, serverValue:19}] to localhost:27017
2016-09-21T12:04:12.895-04:00 INFO [connection] Opened connection
[connectionId{localValue:10, serverValue:20}] to localhost:27017
2016-09-21T12:04:12.896-04:00 INFO [connection] Opened connection
[connectionId{localValue:8, serverValue:21}] to localhost:27017
2016-09-21T12:04:12.896-04:00 INFO [connection] Opened connection
[connectionId{localValue:7, serverValue:18}] to localhost:27017
On Wednesday, September 21, 2016 at 12:03:52 PM UTC-4, Chris Call wrote:
>
> These are syslog messages from Brocade switches.
>
> Output of sudo ngrep -d any port 1516
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> FORWARDING (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> BLOCKING (DOT1wTransition)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 42 Port 1/1/2 STP State ->
> DISABLED (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> FORWARDING (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> BLOCKING (DOT1wTransition)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B STP: VLAN 50 Port 1/1/2 STP State ->
> DISABLED (PortDown)
> #
> U 10.53.1.12:1026 -> 10.18.16.15:1516
> <14>2016 Sep 21 12:00:33 GNS-IDF-B System: Interface ethernet 1/1/2,
> state down
>
> Here is my input:
>
>
> <https://lh3.googleusercontent.com/-xURrrBeHw6c/V-KvHsDbCLI/AAAAAAAAAJI/Ft71A67cALgX6A3vz9M-0eCEzuKJxgLMACLcB/s1600/Screen%2BShot%2B2016-09-21%2Bat%2B12.02.07%2BPM.png>
>
>
> It was working when I was on 2.0. Again I'm sure I'm doing something dumb.
>
>
>
> On Wednesday, September 21, 2016 at 11:53:45 AM UTC-4, Jochen Schalanda
> wrote:
>>
>> Hi Chris,
>>
>> what kind of clients are sending syslog messages into Graylog and how are
>> they formatted?
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 21 September 2016 17:34:45 UTC+2, Chris Call wrote:
>>>
>>> Thanks for the reply!
>>>
>>> I did not realize when I built the new VM I only gave it 1GB. Just
>>> increased it to 16 and added 10GB for Java with a max of 14GB. Now I can
>>> log in fine but no messages are appearing. I go to the inputs and click
>>> 'show received messages' on a syslog input running on port 1516 and it
>>> comes up with "Nothing found."
>>>
>>> When I run "sudo TCPDUMP 'port 1516'" I see messages coming in to the
>>> box. Any clues?
>>>
>>> Thanks again for your help!
>>>
>>>
>>>
>>> On Wednesday, September 21, 2016 at 10:09:53 AM UTC-4, Jochen Schalanda
>>> wrote:
>>>>
>>>> Hi Chris,
>>>>
>>>> what's the output of the following curl commands if you run it on the
>>>> machine your web browser is running on?
>>>>
>>>> curl -v -X GET http://10.18.16.15:9000/
>>>> curl -v -X GET -H 'Accept: application/json'
>>>> http://10.18.16.15:9000/api/
>>>>
>>>>
>>>> The long GC pauses (over 1 minute is really bad and unusual) are also
>>>> strange. Try giving Graylog more memory (currently it's 1 GB according to
>>>> the logs, try 2 GB), see
>>>> http://docs.graylog.org/en/2.1/pages/faq.html#raise-the-java-heap.
>>>>
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Wednesday, 21 September 2016 15:59:35 UTC+2, Chris Call wrote:
>>>>>
>>>>> I had a great experience with Graylog before version 2.0 but I started
>>>>> fresh with a 2.0 install and had issues (streams kept stopping) and then
>>>>> upgraded to 2.0.1 I believe and now finally to 2.1.
>>>>>
>>>>> Right now, I can't open the web interface when I browse to
>>>>> 10.18.16.15:9000 (IP address of the host). I get nothing in the
>>>>> browser. Chrome gives me this "The 10.18.16.15 page isn’t working.
>>>>> 10.18.16.15 didn’t send any data." and no errors or messages in the
>>>>> developer java console.
>>>>>
>>>>> This is a single system running everything for Graylog and here are my
>>>>> config files and output:
>>>>>
>>>>> etc/graylog/server/server.conf:
>>>>> is_master = true
>>>>> node_id_file = /etc/graylog/server/node-id
>>>>> password_secret = <secret>
>>>>> root_password_sha2 = <secret>
>>>>> root_email = <email>
>>>>> plugin_dir = plugin
>>>>> rest_listen_uri = http://10.18.16.15:9000/api/
>>>>> web_enable = true
>>>>> web_listen_uri = http://10.18.16.15:9000/
>>>>> rotation_strategy = count
>>>>> elasticsearch_max_docs_per_index = 20000000
>>>>> elasticsearch_max_number_of_indices = 20
>>>>> retention_strategy = delete
>>>>> elasticsearch_shards = 4
>>>>> elasticsearch_replicas = 0
>>>>> elasticsearch_index_prefix = graylog
>>>>> allow_leading_wildcard_searches = false
>>>>> allow_highlighting = false
>>>>> elasticsearch_analyzer = standard
>>>>> output_batch_size = 500
>>>>> output_flush_interval = 1
>>>>> output_fault_count_threshold = 5
>>>>> output_fault_penalty_seconds = 30
>>>>> processbuffer_processors = 5
>>>>> outputbuffer_processors = 3
>>>>> processor_wait_strategy = blocking
>>>>> ring_size = 65536
>>>>> inputbuffer_ring_size = 65536
>>>>> inputbuffer_processors = 2
>>>>> inputbuffer_wait_strategy = blocking
>>>>> message_journal_enabled = true
>>>>> message_journal_dir = /var/lib/graylog-server/journal
>>>>> lb_recognition_period_seconds = 3
>>>>> mongodb_uri = mongodb://localhost/graylog
>>>>> mongodb_max_connections = 1000
>>>>> mongodb_threads_allowed_to_block_multiplier = 5
>>>>> content_packs_loader_enabled = false
>>>>> content_packs_auto_load = grok-patterns.json
>>>>> proxied_requests_thread_pool_size = 32
>>>>>
>>>>>
>>>>> /etc/elasticsearch/elasticsearch.yml
>>>>> # ======================== Elasticsearch Configuration
>>>>> =========================
>>>>> cluster.name: graylog
>>>>>
>>>>> result of " curl -XGET '
>>>>> http://localhost:9200/_cluster/health?pretty=true' ":
>>>>> {
>>>>> "cluster_name" : "graylog",
>>>>> "status" : "green",
>>>>> "timed_out" : false,
>>>>> "number_of_nodes" : 1,
>>>>> "number_of_data_nodes" : 1,
>>>>> "active_primary_shards" : 20,
>>>>> "active_shards" : 20,
>>>>> "relocating_shards" : 0,
>>>>> "initializing_shards" : 0,
>>>>> "unassigned_shards" : 0,
>>>>> "delayed_unassigned_shards" : 0,
>>>>> "number_of_pending_tasks" : 0,
>>>>> "number_of_in_flight_fetch" : 0,
>>>>> "task_max_waiting_in_queue_millis" : 0,
>>>>> "active_shards_percent_as_number" : 100.0
>>>>> }
>>>>>
>>>>> /var/log/graylog-server/server.log:
>>>>> 2016-09-21T09:41:42.573-04:00 WARN [PluginLoader] Plugin directory
>>>>> /plugin does not exist, not loading plugins.
>>>>> 2016-09-21T09:41:43.030-04:00 INFO [CmdLineTool] Running with JVM
>>>>> arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB
>>>>> -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled
>>>>> -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC
>>>>> -XX:-OmitStackTraceInFastThrow
>>>>> -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml
>>>>> -Djava.library.path=/usr/share/graylog-server/lib/sigar
>>>>> -Dgraylog2.installation_source=deb
>>>>> 2016-09-21T09:41:47.611-04:00 INFO [InputBufferImpl] Message journal
>>>>> is enabled.
>>>>> 2016-09-21T09:41:47.678-04:00 INFO [NodeId] Node ID:
>>>>> ecdff2ab-d0a2-4ddb-975e-d2379fb3625d
>>>>> 2016-09-21T09:41:48.054-04:00 INFO [LogManager] Loading logs.
>>>>> 2016-09-21T09:41:48.184-04:00 WARN [Log] Found a corrupted index
>>>>> file,
>>>>> /var/lib/graylog-server/journal/messagejournal-0/00000000000167286888.index,
>>>>>
>>>>> deleting and rebuilding index...
>>>>> 2016-09-21T09:41:49.740-04:00 INFO [LogManager] Logs loading complete.
>>>>> 2016-09-21T09:41:49.740-04:00 INFO [KafkaJournal] Initialized Kafka
>>>>> based journal at /var/lib/graylog-server/journal
>>>>> 2016-09-21T09:41:49.779-04:00 INFO [InputBufferImpl] Initialized
>>>>> InputBufferImpl with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>, running 2 parallel message handlers.
>>>>> 2016-09-21T09:41:49.825-04:00 INFO [cluster] Cluster created with
>>>>> settings {hosts=[localhost:27017], mode=SINGLE,
>>>>> requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms',
>>>>> maxWaitQueueSize=5000}
>>>>> 2016-09-21T09:41:49.946-04:00 INFO [cluster] No server chosen by
>>>>> ReadPreferenceServerSelector{readPreference=primary} from cluster
>>>>> description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE,
>>>>> serverDescriptions=[ServerDescription{address=localhost:27017,
>>>>> type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
>>>>> 2016-09-21T09:41:50.002-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:1, serverValue:78}] to localhost:27017
>>>>> 2016-09-21T09:41:50.007-04:00 INFO [cluster] Monitor thread
>>>>> successfully connected to server with description
>>>>> ServerDescription{address=localhost:27017, type=STANDALONE,
>>>>> state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 9]},
>>>>> minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216,
>>>>> roundTripTimeNanos=3105180}
>>>>> 2016-09-21T09:41:50.028-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:2, serverValue:79}] to localhost:27017
>>>>> 2016-09-21T09:41:50.737-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] version[2.3.5], pid[3698],
>>>>> build[90f439f/2016-07-27T10:36:52Z]
>>>>> 2016-09-21T09:41:50.741-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initializing ...
>>>>> 2016-09-21T09:41:50.751-04:00 INFO [plugins]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] modules [], plugins
>>>>> [graylog-monitor], sites []
>>>>> 2016-09-21T09:41:54.439-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] initialized
>>>>> 2016-09-21T09:41:54.726-04:00 INFO [Version] HV000001: Hibernate
>>>>> Validator 5.2.4.Final
>>>>> 2016-09-21T09:41:55.085-04:00 INFO [ProcessBuffer] Initialized
>>>>> ProcessBuffer with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>.
>>>>> 2016-09-21T09:41:58.911-04:00 INFO [RulesEngineProvider] No static
>>>>> rules file loaded.
>>>>> 2016-09-21T09:41:59.117-04:00 INFO [OutputBuffer] Initialized
>>>>> OutputBuffer with ring size <65536> and wait strategy
>>>>> <BlockingWaitStrategy>.
>>>>> 2016-09-21T09:42:01.395-04:00 INFO [ServerBootstrap] Graylog server
>>>>> 2.1.1+01d50e5 starting up
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] JRE: Oracle
>>>>> Corporation 1.8.0_101 on Linux 3.16.0-77-generic
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] Deployment: deb
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] OS: Ubuntu
>>>>> 14.04.5 LTS (trusty)
>>>>> 2016-09-21T09:42:01.396-04:00 INFO [ServerBootstrap] Arch: amd64
>>>>> 2016-09-21T09:42:01.409-04:00 WARN [DeadEventLoggingListener]
>>>>> Received unhandled event of type
>>>>> <org.graylog2.plugin.lifecycles.Lifecycle>
>>>>> from event bus <AsyncEventBus{graylog-eventbus}>
>>>>> 2016-09-21T09:42:01.539-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] starting ...
>>>>> 2016-09-21T09:42:01.537-04:00 INFO [PeriodicalsService] Starting 22
>>>>> periodicals ...
>>>>> 2016-09-21T09:42:01.549-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ThroughputCalculator] periodical in [0s],
>>>>> polling
>>>>> every [1s].
>>>>> 2016-09-21T09:42:01.556-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling
>>>>> every [60s].
>>>>> 2016-09-21T09:42:01.559-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread]
>>>>> periodical
>>>>> in [0s], polling every [1s].
>>>>> 2016-09-21T09:42:01.560-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s],
>>>>> polling every [20s].
>>>>> 2016-09-21T09:42:01.560-04:00 INFO [PeriodicalsService] Not starting
>>>>> [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not
>>>>> configured to run on this node.
>>>>> 2016-09-21T09:42:01.561-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.GarbageCollectionWarningThread] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.562-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s],
>>>>> polling every [30s].
>>>>> 2016-09-21T09:42:01.565-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRetentionThread] periodical in [0s],
>>>>> polling
>>>>> every [300s].
>>>>> 2016-09-21T09:42:01.566-04:00 INFO [IndexRetentionThread]
>>>>> Elasticsearch cluster not available, skipping index retention checks.
>>>>> 2016-09-21T09:42:01.571-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling
>>>>> every [10s].
>>>>> 2016-09-21T09:42:01.571-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.NodePingThread] periodical in [0s], polling
>>>>> every
>>>>> [1s].
>>>>> 2016-09-21T09:42:01.572-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.VersionCheckThread] periodical in [300s],
>>>>> polling
>>>>> every [1800s].
>>>>> 2016-09-21T09:42:01.573-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s],
>>>>> polling every [1s].
>>>>> 2016-09-21T09:42:01.573-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling
>>>>> every [1s].
>>>>> 2016-09-21T09:42:01.574-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s],
>>>>> polling every [86400s].
>>>>> 2016-09-21T09:42:01.574-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical,
>>>>> running
>>>>> forever.
>>>>> 2016-09-21T09:42:01.575-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.575-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in
>>>>> [15s],
>>>>> polling every [3600s].
>>>>> 2016-09-21T09:42:01.615-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:3, serverValue:80}] to localhost:27017
>>>>> 2016-09-21T09:42:01.633-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:5, serverValue:82}] to localhost:27017
>>>>> 2016-09-21T09:42:01.634-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:4, serverValue:81}] to localhost:27017
>>>>> 2016-09-21T09:42:01.642-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:6, serverValue:83}] to localhost:27017
>>>>> 2016-09-21T09:42:01.654-04:00 INFO [connection] Opened connection
>>>>> [connectionId{localValue:7, serverValue:84}] to localhost:27017
>>>>> 2016-09-21T09:42:01.674-04:00 INFO [IndexerClusterCheckerThread]
>>>>> Indexer not fully initialized yet. Skipping periodic cluster check.
>>>>> 2016-09-21T09:42:01.747-04:00 INFO [PeriodicalsService] Not starting
>>>>> [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical.
>>>>> Not
>>>>> configured to run on this node.
>>>>> 2016-09-21T09:42:01.747-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.752-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical,
>>>>> running forever.
>>>>> 2016-09-21T09:42:01.763-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running
>>>>> forever.
>>>>> 2016-09-21T09:42:01.782-04:00 INFO [Periodicals] Starting
>>>>> [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running
>>>>> forever.
>>>>> 2016-09-21T09:42:02.449-04:00 INFO [JerseyService] Enabling CORS for
>>>>> HTTP endpoint
>>>>> 2016-09-21T09:42:02.503-04:00 INFO [transport]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] publish_address {
>>>>> 127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
>>>>> 2016-09-21T09:42:02.529-04:00 INFO [discovery]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d]
>>>>> graylog/LSqj-br4QV2viKzC5-4cjA
>>>>> 2016-09-21T09:42:05.544-04:00 WARN [discovery]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] waited for 3s and no
>>>>> initial
>>>>> state was set by the discovery
>>>>> 2016-09-21T09:42:05.544-04:00 INFO [node]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] started
>>>>> 2016-09-21T09:42:06.919-04:00 INFO [service]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] detected_master
>>>>> {Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300}, added
>>>>> {{Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300},},
>>>>> reason: zen-disco-receive(from master
>>>>> [{Magdalena}{jtlOAsLnQ0GHZ6E_FRpKZA}{127.0.0.1}{127.0.0.1:9300}])
>>>>> 2016-09-21T09:42:20.153-04:00 INFO [NetworkListener] Started listener
>>>>> bound to [10.18.16.15:9000]
>>>>> 2016-09-21T09:42:20.171-04:00 INFO [HttpServer] [HttpServer] Started.
>>>>> 2016-09-21T09:42:20.177-04:00 INFO [JerseyService] Started REST API
>>>>> at <http://10.18.16.15:9000/api/>
>>>>> 2016-09-21T09:42:20.177-04:00 INFO [JerseyService] Started Web
>>>>> Interface at <http://10.18.16.15:9000/>
>>>>> 2016-09-21T09:42:20.178-04:00 INFO [ServiceManagerListener] Services
>>>>> are healthy
>>>>> 2016-09-21T09:42:20.194-04:00 INFO [ServerBootstrap] Services
>>>>> started, startup times in ms: {OutputSetupService [RUNNING]=15,
>>>>> BufferSynchronizerService [RUNNING]=17, KafkaJournal [RUNNING]=58,
>>>>> InputSetupService [RUNNING]=81, JournalReader [RUNNING]=82,
>>>>> PeriodicalsService [RUNNING]=271, IndexerSetupService [RUNNING]=5681,
>>>>> JerseyService [RUNNING]=18654}
>>>>> 2016-09-21T09:42:20.193-04:00 INFO [InputSetupService] Triggering
>>>>> launching persisted inputs, node transitioned from
>>>>> Uninitialized?[LB:DEAD]
>>>>> to Running?[LB:ALIVE]
>>>>> 2016-09-21T09:42:20.261-04:00 INFO [ServerBootstrap] Graylog server
>>>>> up and running.
>>>>> 2016-09-21T09:42:20.299-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241bbf6bc790854fe5ec4] is now STARTING
>>>>> 2016-09-21T09:42:20.301-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/57324191f6bc790854fe5e94] is now STARTING
>>>>> 2016-09-21T09:42:20.303-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241e0f6bc790854fe5eef] is now STARTING
>>>>> 2016-09-21T09:42:20.461-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Clearpass,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 262144 but is 212992.
>>>>> 2016-09-21T09:42:20.463-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Brocade Syslogs - Port 1516,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 262144 but is 212992.
>>>>> 2016-09-21T09:42:20.461-04:00 WARN [NettyTransport] receiveBufferSize
>>>>> (SO_RCVBUF) for input SyslogUDPInput{title=Syslog UDP 1514,
>>>>> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should
>>>>> be
>>>>> 1048576 but is 212992.
>>>>> 2016-09-21T09:42:20.464-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241bbf6bc790854fe5ec4] is now RUNNING
>>>>> 2016-09-21T09:42:20.465-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/57324191f6bc790854fe5e94] is now RUNNING
>>>>> 2016-09-21T09:42:20.466-04:00 INFO [InputStateListener] Input [Syslog
>>>>> UDP/573241e0f6bc790854fe5eef] is now RUNNING
>>>>> 2016-09-21T09:42:30.533-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][25][4]
>>>>> duration
>>>>> [3.7s], collections [1]/[4.4s], total [3.7s]/[4.6s], memory
>>>>> [477.5mb]->[154.3mb]/[972.8mb], all_pools {[young]
>>>>> [387.6mb]->[20.7mb]/[409.6mb]}{[survivor]
>>>>> [49.6mb]->[51.1mb]/[51.1mb]}{[old] [40.3mb]->[94.3mb]/[512mb]}
>>>>> 2016-09-21T09:42:41.544-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][30][5]
>>>>> duration
>>>>> [6s], collections [1]/[6.8s], total [6s]/[10.7s], memory
>>>>> [506.7mb]->[210.4mb]/[972.8mb], all_pools {[young]
>>>>> [361.2mb]->[19.1mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [94.3mb]->[140.1mb]/[512mb]}
>>>>> 2016-09-21T09:43:02.982-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][35][6]
>>>>> duration
>>>>> [15.4s], collections [1]/[16.6s], total [15.4s]/[26.1s], memory
>>>>> [566.6mb]->[274.8mb]/[972.8mb], all_pools {[young]
>>>>> [375.2mb]->[13.3mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [140.1mb]->[210.7mb]/[512mb]}
>>>>> 2016-09-21T09:44:13.861-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][48][7]
>>>>> duration
>>>>> [55.9s], collections [1]/[58.2s], total [55.9s]/[1.3m], memory
>>>>> [668.5mb]->[342.8mb]/[972.8mb], all_pools {[young]
>>>>> [406.6mb]->[24.1mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old] [210.7mb]->[269.2mb]/[512mb]}
>>>>> 2016-09-21T09:45:53.548-04:00 WARN [jvm]
>>>>> [graylog-ecdff2ab-d0a2-4ddb-975e-d2379fb3625d] [gc][young][71][8]
>>>>> duration
>>>>> [1.2m], collections [1]/[1.2m], total [1.2m]/[2.6m], memory
>>>>> [724.3mb]->[379.1mb]/[972.8mb], all_pools {[young]
>>>>> [403.9mb]->[9.3mb]/[409.6mb]}{[survivor]
>>>>> [51.1mb]->[51.1mb]/[51.1mb]}{[old]
>>>>> [269.2mb]->[319.9mb]/[512mb]}
>>>>>
>>>>>
>>>>>
>>>>> I really don't care about historical data so I'm willing to start
>>>>> fresh with a new install of 2.1. I just want my performance back from
>>>>> Graylog2 (version 1).
>>>>>
>>>>> Any help is greatly appreciated!
>>>>>
>>>>> Chris
>>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/abb9bff7-2805-49f6-87ef-98ad43e53177%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
