Hello guys,
I have a problem when running Graylog2
The problem seems to be Elasticsearch, but Elasticsearch seems to be
running just fine.
I've followed the instructions from the graylog website (for CentOS), but
the error I get is this one:
`2016-08-17T06:03:50.022Z INFO [IndexerClusterChecke
Hi Sam,
don't take ports which are already in use. Your netstat output shows that
9300 is in use. 5140 was a good choice. You should investigate why the
graylog input does not listen on that port.
On 16.08.2016 at 9:36 PM, "sam" wrote:
> Ha,
>
>
> Now I defined a port in /etc//rsyslog.conf
We currently have a cluster of ES 1.7 nodes and Graylog 1.3 servers, we are
looking to upgrade all of it to the latest version while retaining all the
data. I have looked at the documentation for upgrading both. Although the
ElasticSearch 2.3 upgrade seems pretty straightforward, it looks like
Hi Jamie,
you have to make these changes on every node.
Cheers,
Marius
On 16 August 2016 at 20:56, Jamie P wrote:
> Hello. I was wondering, if I had a cluster setup where graylog and
> mongodb is running on one ova, and elasticsearch is running on two other
> boxes, do I just follow the exampl
So what is this and what caused this?? My guess is something to do with
gunzip
2016-08-16 16:18:38,605 ERROR:
org.glassfish.jersey.server.ServerRuntime$Responder - An I/O error has
occurred while writing a response message entity to the container output
stream.
org.glassfish.jersey.server.
Take a look at the streams section for your alerts. You can setup criteria
based off a number of factors such as what type of log and then set
conditions on when to alert via email.
On Tuesday, August 16, 2016 at 11:32:24 AM UTC-4, NoRearView wrote:
>
> Hello!
>
> I'm currently working on get
Ha,
Now I defined a port in /etc//rsyslog.conf as
*.* @@162.20.100.27:9300
and my graylog server input as syslog_TCP with port 9300 and bind address:
162.20.100.27
My log is clear :
2016-08-16T15:17:13.831-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input Sysl
Hi Sam,
you cannot capture anything if nothing is listening on that port. I guess
there is something wrong with your graylog input config. Maybe you should
have a look into the graylog log.
On 16.08.2016 at 9:04 PM, "sam" wrote:
> Hi Ha,
>
>
> below is the log from tcpdump
>
> tcpdump -i eth0 p
I am sorry Ha, actually I am new to this stuff and trying to get into this. I
am here with a lot of questions :)
Can you suggest any port that I can configure in my graylog syslog_TCP
input, and the rsyslog.conf input port, please?
Thank you
On Tuesday, August 16, 2016 at 11:57:31 AM UTC-7,
Hi Ha,
below is the log from tcpdump
tcpdump -i eth0 port 5140
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
0 packets captured
1 packets received by filter
0 packets dropped by kernel
Thank y
Hi Sam,
you can get your interface number with
ifconfig -a
you need the interface for the ip 162.20.100.27. Something like eth0, eth1.
So the command should look like
tcpdump -i eth0 port 5140
No, you cannot use port 16001 because it's in use. Maybe you should double
check your syslog input in gra
Hello. I was wondering, if I had a cluster setup where graylog and mongodb
is running on one ova, and elasticsearch is running on two other boxes, do
I just follow the example below from the documentation on the master node
(the one with graylog and mongodb installed to it) and will the changes
Hi Ha,
I am not able to use this one:
tcpdump -i ethX port 5140 where ;
tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know whether
I am using the right one)
Can I use 16001 to configure syslog to receive the logs?
Thank you Ha
On Tuesday, August 16, 2016 at 11:36:2
Hi Sam,
there is nothing on port 5140.
On 16.08.2016 at 8:21 PM, "sam" wrote:
> Hi Ha,
>
> below is the output for netstat -tulpen: where my graylog address is :
> 162.20.100.27
>
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
I have OpenNMS writing all events to syslog and graylog2 is ingesting all
syslog messages via logstash/gelf.
The messages get into graylog2 fine and I can search them.
I configured a stream and tested the e-mail with dummy e-mail and the
e-mail makes it to me just fine.
My stream uses a regex
Hi Ha,
below is the output for netstat -tulpen: where my graylog address is :
162.20.100.27
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State User Inode PID/Program name
tcp0 0 162.20.100.
Hello!
I'm currently working on getting our infrastructure up to date for a
(voluntary) HIPAA audit. One area I need to improve is our logging
capabilities. My end goal is to have a centralized location for my log
files and also be notified of any failed login attempts or firewall alerts.
A se
Hi,
So it seems the CSV to field converter doesn't work with whitespace
delimiters?
Sample log:
2016-08-16 15:14:20 192.168.20.100 POST /Clients - 80 DOMAIN\user
192.168.30.171
Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/52.0.2743.116+Safari/537.36
3
Hi Jochen,
I am manually using the Graylog REST API to position widgets. It seems to work
the first time I do it, but if I was to delete and then re-add a widget and
try to position it using the REST API, then the REST API PUT of positions fails.
The JSON body I am using for the position PUT is
Hello everyone!
I am a brand new user of graylog and I am in the middle of setup.
I have read
http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_client.html and I
can't find information about what I want to do. I am not sure that what I
want to do is even possible.
I want to set up rsy
Hi Stefan,
please create a GitHub issue for this
at https://github.com/Graylog2/fpm-recipes/issues/ and make sure to link
to https://github.com/Graylog2/fpm-recipes/issues/58 in your comment.
Cheers,
Jochen
On Tuesday, 16 August 2016 13:12:10 UTC+2, Stefan Ioan wrote:
>
> Hello,
>
> Please f
Hello,
Please forgive me if this issue has already been posted (I could not find
it by searching for it) or if this is not the proper place for this kind of
issue.
Does anyone have a problem using the "deb
https://packages.graylog2.org/repo/debian/ stable 2.1" repo ? I'm using
Debian Stretch
Yup, it's fixed in this version. So, not sure if I should bother filing as a
bug for the stable version or not. I know pipelines were experimental for
2.0.x.
On Tuesday, August 16, 2016 at 3:54:28 AM UTC-5, Edmundo Alvarez wrote:
>
> Hello James,
>
> There were quite a few changes on the pipeline
Hi Sam,
make sure that there is no packet filter or firewall blocking access to
the host 162.20.100.27 on port 12201/tcp and that packets to 162.20.100.27
can be routed correctly by the machine running Graylog Collector.
Cheers,
Jochen
On Tuesday, 16 August 2016 06:59:30 UTC+2, sam wrote:
>
>
Hi Alex,
how exactly are you using the Graylog REST API and which requests do you
send to it?
Cheers,
Jochen
On Monday, 15 August 2016 22:19:03 UTC+2, Alex Stanek wrote:
>
> Hello,
> I am currently trying to position dashboard widgets using Graylog 2.0 rest
> api with no such luck on the posi
Hi Jordan,
please make sure that you have started a matching Syslog input (UDP or TCP)
in Graylog and that your network appliances have access to the provided IP
address.
Additionally, it is possible that the output of your network appliances is
not conforming to RFC 3164 or RFC 5424. In this
Hi Jan,
you have to provide the specific IP address or host name of Graylog to the
Docker daemon with the gelf-address configuration setting. "0.0.0.0" is not
a specific IP address but is evaluated as a "wildcard" which has to be
resolved somehow.
Cheers,
Jochen
On Sunday, 14 August 2016 21:
Use web_endpoint_uri.
On Monday, August 15, 2016 at 6:09:43 PM UTC+2, Fred Blaise wrote:
>
> Hello,
>
> I am using the openstack 2.0.3 qcow2 image on a single instance. I am
> having issues when specifying the rest_listen_uri to http://0.0.0.0:12900.
> I need to have the API port available for bo
Hi,
if Graylog has been configured with the necessary LDAP settings, it will
sync user information from the directory service to the local user database
and re-sync information on every login.
So in the end, it's already working the way you want it to.
Cheers,
Jochen
On Friday, 12 August 2016
I'll give that a shot and post back with results.
On Tuesday, August 16, 2016 at 3:54:28 AM UTC-5, Edmundo Alvarez wrote:
>
> Hello James,
>
> There were quite a few changes on the pipelines for 2.1.0, so I was trying
> to reproduce this issue in 2.1.0-beta.3 but I couldn't. Could you please
>
Hello James,
There were quite a few changes on the pipelines for 2.1.0, so I was trying to
reproduce this issue in 2.1.0-beta.3 but I couldn't. Could you please take a
look and see if you still have the same problem in the latest beta? Here is the
link if you want to take a look:
https://www.g