[graylog2] Re: Log Rotation
Hi Jochen,

If I build a shell script using the API and move the closed index files to a different location, would an Elasticsearch restart be required in order to refresh itself and Graylog?

Based on your suggestion, my plan is to grep for closed indices using the API and zip/move all the indices to a different location. Would this help, or should I just copy the files to a different location and delete the source with the help of Curator?

Any ideas to include log rotation policy roles into Elasticsearch in a future release?

Thanks,
Hema

On Friday, April 3, 2015 at 3:23:35 PM UTC+5:30, Jochen Schalanda wrote:

Hi Hema,

multi-tiered data retention is currently not supported by Graylog. You could probably build something yourself quite quickly using the Elasticsearch API directly (e.g. check which indices are already closed and then create a snapshot of them). Maybe you could even use Curator (http://www.elastic.co/guide/en/elasticsearch/client/curator/current/about.html) for that.

Cheers,
Jochen

On Friday, 3 April 2015 01:35:00 UTC+2, Hema Kumar wrote:

Hi,

Is there a way to do a log rotation?

- My policy is to hold 60 days of indices, which was done in the configs; the logs more than 60 days old are closed.
- The second thing is that after 60 days the closed indices should be moved to a different drive and held for 120 days, but should still be available in Graylog for easier access to open and search them.
- The third is that after 120 days the logs can be archived using a zip utility and stored on a different drive or deleted.

* Numbers are just for reference.

What I am trying to ask is, would Graylog be setting such a log rotation policy instead of external tools?

Really like the tool that is being developed. Thanks much.

Regards,
Hema.

-- You received this message because you are subscribed to the Google Groups graylog2 group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Email Alert Callback Variables?
Is there a doc somewhere that lists all of the different variables that can be set in an email alert callback?

I spent some time digging through the source and I think I have identified the following variables that can be set up for stream:

${stream.id}
${stream.title}
${stream.description}

but there are also ${message} variables which I don't know all of and can't find in the source code. What else can be set in email alert callbacks?
[graylog2] Help with email alert callback variables
I'm looking for info about the variables that can be used in email alert callbacks. One of my specific needs is I want to include the hostname associated with the message in the subject.
[graylog2] Upgrading Graylog Web Interface
For what it's worth, I updated my web interface tonight and verified it is pointing to the new jar, but it still shows 1.0.0. I'm guessing the displayed version just wasn't changed.
[graylog2] 1.0.1 Spontaneous restart followed by memory shortage
I've installed 1.0.1 by deploying latest AWS image from https://github.com/Graylog2/graylog2-images/tree/master/aws on a medium (4GB) instance. Two configured inputs: syslog TCP and UDP on 513.

After running for a few days, Graylog spontaneously restarts, and when the inputs spin up, they find the system resources too consumed by other things to allow them sufficient memory:

Input 550ac07ee4b00f1a0c17d878 has failed to start on node 3afac49d-1641-4e00-807c-3922f9ca37a4 for this reason: Cannot allocate memory.

Checking 'top' shows 135MB left out of the 4GB VM, of which 2GB, 0.8GB, and 0.5GB go to three Java processes, 33MB to Mongo :), and the rest various smaller processes.

This is not a heavily-loaded instance, but regardless, I am guessing something is off-kilter somewhere in the JVM memory options of the 3 big guys. But I can't find where I should be configuring this. Is this supposed to be user-accessible configuration or is it deliberately buried? Either way something must be off in the default config.

Also it is disturbing that graylog spontaneously restarts, and I can't find anything in the logs indicating why. Does anyone know why this might occur?

Logs of an example incident below, showing spontaneous restart at 04:46am 2015/04/06.

2015-04-06 04:46:46.626 +03:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Cannot allocate memory.
2015-04-06 04:46:46.621 +03:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Cannot allocate memory.
2015-04-06 04:46:46.602 +03:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog TCP/550ac07ee4b00f1a0c17d878] is now STARTING
2015-04-06 04:46:46.595 +03:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog UDP/550ac062e4b00f1a0c17d857] is now STARTING
2015-04-06 04:46:46.547 +03:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Started up.
2015-03-27 16:04:33.072 +02:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog UDP/550ac062e4b00f1a0c17d857] is now RUNNING
2015-03-27 16:04:33.069 +02:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog TCP/550ac07ee4b00f1a0c17d878] is now RUNNING
2015-03-27 16:04:32.936 +02:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog TCP/550ac07ee4b00f1a0c17d878] is now STARTING
2015-03-27 16:04:32.912 +02:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Input [Syslog UDP/550ac062e4b00f1a0c17d857] is now STARTING
2015-03-27 16:04:32.843 +02:00 3afac49d-1641-4e00-807c-3922f9ca37a4 Started up.