[graylog2] Re: GrayLog 1.1.4 - ActiveDirectory connection
Thank you. That was the solution. On Thursday, July 30, 2015 at 6:27:48 PM UTC-4, Jason Haar wrote: We have the following format and it works for us Search Base DN: dc=xxx,dc=yyy User Search Pattern: ((objectClass=user)(userPrincipalName={0})) Display Name attribute: displayName (so did you remember to put brackets around the filter?) Jason -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f8efad2d-2eff-477b-8193-fffe5096e933%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: elasticsearch crashed and now graylog-server broken?
It just happened again and this time elasticsearch is hosed. The out of memory error was system-wide - dmesg confirmed it. So the system ran out of memory, elasticsearch crashed, and now graylog-server cannot talk to it any more. When graylog-server attempts to connect to elasticsearch, it now reports [2015-07-31 22:50:25,943][WARN ][indices.cluster ] [Kate Neville] [graylog2_1][0] failed to mark shard as failed (because of [failed recovery]) I have no idea how to fix it (I never used graylog or elasticsearch until last week). Is there some form of recovery process I can run to get this working again? Either fix it or throw the broken bit away and start working again are outcomes I'd be happy with. At the moment the entire system is completely broken :-( Thanks -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/898f1c2d-2adc-41dc-82f5-f1d2743f7409%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Check Graylog Node Status via API
Hi Pete, the MongoDB stats resource will respond with HTTP status 500 after the timeout for connecting the MongoDB server has been reached (default: 10s) if the MongoDB server is down. Cheers, Jochen On Thursday, 30 July 2015 23:46:51 UTC+2, Pete GS wrote: Thanks Jochen, I thought I'd navigated through pretty much all the API Browser yesterday but I completely missed those! I'll check the Mongo stats next time it happens and see what I can see in there compared to a connected node and that should hopefully do the trick. Cheers, Pete On Thursday, 30 July 2015 19:45:27 UTC+10, Jochen Schalanda wrote: Hi Pete, currently there is no resource in the Graylog REST API which would check the availability of MongoDB or Elasticsearch explicitly. But you could check this indirectly via the cluster stats resource at http://localhost:12900/system/cluster/stats (or more specifically http://localhost:12900/system/cluster/stats/elasticsearch and http://localhost:12900/system/cluster/stats/mongo). Cheers, Jochen On Thursday, 30 July 2015 02:12:19 UTC+2, Pete GS wrote: This is possibly a little obscure but also possibly useful... I've written a Nagios plugin (in Perl) to check the health of all my Graylog nodes but the one thing I can't seem to find how to check is the status of a Graylog node in relation to being able to connect to the MongoDB. I can check pretty much everything else I want to (eg. journal utilisation, messages in vs. out, etc.). Essentially we have some funky network issues on occasion that will stop one or more nodes from talking to the MongoDB servers and they don't always recover, meaning one or more nodes will constantly report Did not find meta info of this node. Re-registering. in the server.log. I can certainly run another stream in Graylog and alert on this but I'd much prefer to be able to get it from the API if this is possible. Is there a function in the API already for this that I'm missing or should this be a feature request? I realise the key here is fixing the funky network issues and I'm working on that in parallel :) Cheers, Pete -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/29aee6d7-5029-47d7-bf46-e5f57bcd08d0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] graylog-server 1.1.5 - Enabling HTTPS REST api binds graylog-server service to loopback instead of eth0 address
I am currently in the process of switching to HTTPS for REST communication between my graylog-web frontend and graylog-server nodes but I am having an issue that when I configure the graylog-server to use https the service only binds to the loopback 127.0.1.1 instead of the eth0 address: netstat -an | grep 12900 tcp6 0 0 127.0.1.1:12900 :::*LISTEN My rest_listen_uri is set to match the certificate I'm using and as https (real domain removed) and the certificate and key are configured (real paths removed) and the graylog-server service startsup fine, connects to elasticsearch and the inputs start as normal: rest_listen_uri = https://hostname.example.com:12900/ rest_enable_tls = true rest_tls_cert_file = cert.cer rest_tls_key_file = key.key This is an Ubuntu 14.04.2 box and my /etc/hosts looks like this (real domains removed) 127.0.0.1 localhost 127.0.1.1 hostname.example.com hostname 10.106.249.71 hostname.example.com hostname Is this something I am doing wrong, or should the graylog-server process know from this config it's not supposed to start on the loopback IP? -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/cb97df20-1074-4c9d-99ca-89b15c392ad1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: graylog-server 1.1.5 - Enabling HTTPS REST api binds graylog-server service to loopback instead of eth0 address
When I removed that line I then had to then also manually specify the bind addresses for the Elasticsearch client, but otherwise that got it working. Thanks! -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6c38a873-0ae2-4f31-b181-4f1a82df22a3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: graylog-server 1.1.5 - Enabling HTTPS REST api binds graylog-server service to loopback instead of eth0 address
Hi Tim, since you're using the hostname hostname.example.com to specify the network interface the Graylog REST API should listen on (using rest_listen_uri), Graylog is resolving the hostname on startup and using the first IP address this request returns – in your case 127.0.0.1 from your /etc/hosts file. In my opinion it doesn't make much sense to have multiple IP addresses per hostname on a local machine (enforced by your /etc/hosts file) as this is usually also a source of strange errors regarding networking. I'd recommend removing the following line completely: 127.0.1.1 hostname.example.com hostname Cheers, Jochen On Friday, 31 July 2015 11:30:56 UTC+2, Tim Cooper wrote: I am currently in the process of switching to HTTPS for REST communication between my graylog-web frontend and graylog-server nodes but I am having an issue that when I configure the graylog-server to use https the service only binds to the loopback 127.0.1.1 instead of the eth0 address: netstat -an | grep 12900 tcp6 0 0 127.0.1.1:12900 :::*LISTEN My rest_listen_uri is set to match the certificate I'm using and as https (real domain removed) and the certificate and key are configured (real paths removed) and the graylog-server service startsup fine, connects to elasticsearch and the inputs start as normal: rest_listen_uri = https://hostname.example.com:12900/ rest_enable_tls = true rest_tls_cert_file = cert.cer rest_tls_key_file = key.key This is an Ubuntu 14.04.2 box and my /etc/hosts looks like this (real domains removed) 127.0.0.1 localhost 127.0.1.1 hostname.example.com hostname 10.106.249.71 hostname.example.com hostname Is this something I am doing wrong, or should the graylog-server process know from this config it's not supposed to start on the loopback IP? -- You received this message because you are subscribed to the Google Groups Graylog Users group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/bc22d940-a006-42c3-baa6-be2589f2d18d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.