[graylog2] Search Issue ...

2015-09-08 Thread Claus Koell 
Hi !

We are using graylog 1.1.6 and we have troubles with some search strings. 
We are using a collector to reading files 
from a windows system. We can see a field named 'source_file' in these 
messages

Sample Value: C:\Program 
Files\IBM\WebSphere\AppServer8\profiles\AppSrv01\logs\MyServer\SystemOut.log

If we try to search for all logs from a specific source_file it does not 
work.

This is the elastic search query:

{
  "from": 0,
  "size": 100,
  "query": {
"query_string": {
  "query": "source_file:\"C:\\Program 
Files\\IBM\\WebSphere\\AppServer8\\profiles\\AppSrv01\\logs\\MyServer\\SystemOut.log\"",
  "allow_leading_wildcard": false
}
  },
  "post_filter": {
"bool": {
  "must": {
"range": {
  "timestamp": {
"from": "2015-09-08 00:28:10.547",
"to": "2015-09-08 08:28:10.547",
"include_lower": true,
"include_upper": true
  }
}
  }
}
  },
  "sort": [
{
  "timestamp": {
"order": "desc"
  }
}
  ]
}

Maybe the backslashes make the trouble ?

thanks for help !

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/10947277-e234-4456-965b-c2ced6149d9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] LDAP authentication with Graylog 1.2 RC2

2015-09-08 Thread yveslouis . rofort 
Hi,

I tried quickly the graylog 1.2 RC2, but I had a bloquant problem with 
authentication.

Does the ldap authentication strategy will change in near future  ?
 - Can we use ldap authentication with users without ldap group ?
 - Can we create groups but not ldap groups ?

(The old users can't no more connect to graylog-web due to deprecated 
permissions)

Best regards

Yves Louis ROFORT

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ea27ec14-e6fb-4ddc-9b08-ef06737cc33c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP authentication with Graylog 1.2 RC2

2015-09-08 Thread Kay Roepke 
Hi!

Old users should have been migrated to the new permission system 
automatically, please check your graylog server log file. It should contain 
lines like:
"INFO  [UserPermissionMigrationPeriodical] Migrating permissions to roles 
for user"

You can use roles without LDAP group mapping, yes. Simply create the roles 
and then assign them to users by hand.
LDAP group mapping is supposed to make it easier to integrate but is not 
required.

We have not encountered any problems with group mapping so far, are there 
any errors in the graylog server log?

Best regards,
Kay

On Tuesday, 8 September 2015 14:20:23 UTC+2, yvesloui...@gmail.com wrote:
>
> Hi,
>
> I tried quickly the graylog 1.2 RC2, but I had a bloquant problem with 
> authentication.
>
> Does the ldap authentication strategy will change in near future  ?
>  - Can we use ldap authentication with users without ldap group ?
>  - Can we create groups but not ldap groups ?
>
> (The old users can't no more connect to graylog-web due to deprecated 
> permissions)
>
> Best regards
>
> Yves Louis ROFORT
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a761e953-bfe2-444b-a8ea-fdf32ed94f66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: No Graylog servers available.

2015-09-08 Thread HockeyFan0000 
Thank you for your reply.  I gave Graylog write permissions on the folders 
in that path and restarted the 'graylog-server' service, but nothing has 
changed.  I'm still getting the same error in the log.  Do you have any 
other suggestions?




On Saturday, September 5, 2015 at 4:25:39 AM UTC-4, Jochen Schalanda wrote:
>
> Hi,
>
> ERROR: Unable to access file /data
>>
>>
> Graylog needs write-access to the /data directory (also see 
> message_journal_dir, 
> https://github.com/Graylog2/graylog2-server/blob/1.1.6/misc/graylog2.conf#L254-L256).
>  
> You have to ensure that the Graylog system user is allowed to enter, read, 
> and write into that directory or use another directory for the message 
> journal.
>
>
> Cheers,
> Jochen
>
> On Saturday, 5 September 2015 10:19:39 UTC+2, HockeyFan wrote:
>>
>> I keep getting that message on the web interface.  The information in the 
>> error log really doesn't mean much to me.  Can any of you tell me what this 
>> means?
>>
>>
>>
>> 2015-09-04T15:17:16.342-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.344-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.345-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.347-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.353-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.354-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.356-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.358-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.360-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.362-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.388-04:00 ERROR [CmdLineTool] 
>>
>> 
>>
>> ERROR: Unable to access file /data
>>
>> Need help?
>>
>> * Official documentation: http://docs.graylog.org/
>> * Community support: https://www.graylog.org/community-support/
>> * Commercial support: https://www.graylog.com/support/
>>
>> Terminating. :(
>>
>> 
>>
>> 2015-09-04T15:17:16.996-04:00 INFO  [CmdLineTool] Loaded plugins: [Anonymous 
>> Usage Statistics 1.1.1 
>> [org.graylog.plugins.usagestatistics.UsageStatsPlugin]]
>> 2015-09-04T15:17:17.063-04:00 INFO  [CmdLineTool] Running with JVM 
>> arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m 
>> -XX:MaxPermSize=256m -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC 
>> -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
>> -XX:-OmitStackTraceInFastThrow 
>> -Dlog4j.configuration=file:///etc/graylog/server/log4j.xml 
>> -Djava.library.path=/usr/share/graylog-server/lib/sigar
>> 2015-09-04T15:17:19.764-04:00 INFO  [InputBufferImpl] Message journal is 
>> enabled.
>> 2015-09-04T15:17:20.017-04:00 INFO

[graylog2] [ANNOUNCE] Graylog v1.2-rc.4 has been released

2015-09-08 Thread Lennart Koopmann 
Hey everybody,

we just released Graylog v1.2-rc.4:
https://www.graylog.org/announcing-graylog-1-2-rc-4/

Please try it out and post all feedback to this mailing list.

Thanks,
Lennart

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CADRA1nm63BdbbDABhC8ss2GRyfZuMY4WqEPKvvccLuvsi9QHhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: elasticsearch version requirements

2015-09-08 Thread Kay Roepke 
On Tuesday, 8 September 2015 19:19:05 UTC+2, Mike Daoust  wrote:
> Is it documented anywhere which versions of elasticsearch are suggested for 
> graylog?

You should run the latest release version, but at least 1.6.x for the security 
and reliability improvements.

Usually we aim to support the latest 2-3 minor versions.

Best,
Kay

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b7c9aa7f-02d0-4db9-9b55-ddf6f5e7fdf2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Extracting data from Jasig CAS 4.0 cas.log log file for parsing with Graylog

2015-09-08 Thread Carl Daudt 
We would like to use Graylog2 to view information extracted from our 
cas.log file from our Jasig CAS 4.0 service. Any recommendations about some 
sort of how to extract the data from cas.log into a format that can be used 
by Graylog2 would be much appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d1cafed3-dd77-48dc-b22c-78fb39469bc6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP authentication with Graylog 1.2 RC2

2015-09-08 Thread Jochen Schalanda 
Hi Yves,

the automatic migration of legacy user accounts to the new scheme has been 
added in Graylog 1.2.0-rc.3. I'd recommend upgrading to Graylog 1.2.0-rc.4 
in your case to verify that the problem has been solved.


Cheers,
Jochen

On Tuesday, 8 September 2015 15:19:36 UTC+2, yvesloui...@gmail.com wrote:
>
> Hi Kay,
>
> Thanks for your answer, I will check again, I may have missed something.
> (I hane no lines with "Migrating permissions" in my logs)
>
> I used graylog 1.1.0, and with 1.2RC2, when editing an old user, I have 
> the warning "This user was created from an external system and you can't 
> change the roles here. Please update the LDAP group mapping to make changes 
> or contact an administrator for more information.".
> Same result with a ldap user created with 1.2RC2.
>
> I keep you informed if I find something.
>
> Thanks,
>
> Best Regards,
> Yves Louis
>
>
> Le mardi 8 septembre 2015 14:38:45 UTC+2, Kay Roepke a écrit :
>>
>> Hi!
>>
>> Old users should have been migrated to the new permission system 
>> automatically, please check your graylog server log file. It should contain 
>> lines like:
>> "INFO  [UserPermissionMigrationPeriodical] Migrating permissions to 
>> roles for user"
>>
>> You can use roles without LDAP group mapping, yes. Simply create the 
>> roles and then assign them to users by hand.
>> LDAP group mapping is supposed to make it easier to integrate but is not 
>> required.
>>
>> We have not encountered any problems with group mapping so far, are there 
>> any errors in the graylog server log?
>>
>> Best regards,
>> Kay
>>
>> On Tuesday, 8 September 2015 14:20:23 UTC+2, yvesloui...@gmail.com wrote:
>>>
>>> Hi,
>>>
>>> I tried quickly the graylog 1.2 RC2, but I had a bloquant problem with 
>>> authentication.
>>>
>>> Does the ldap authentication strategy will change in near future  ?
>>>  - Can we use ldap authentication with users without ldap group ?
>>>  - Can we create groups but not ldap groups ?
>>>
>>> (The old users can't no more connect to graylog-web due to deprecated 
>>> permissions)
>>>
>>> Best regards
>>>
>>> Yves Louis ROFORT
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2d999f59-3b98-4018-8deb-9d6ae52bffc6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY when using HTTPS for web interface

2015-09-08 Thread Russ Collier 
Howdy,

This appears to have started happening recently with newer versions of 
Chrome (version 45.0.2454.85) and Firefox (version 39), but using the 
Graylog Web Interface 1.1.6 with HTTPS and a valid SSL certificate/Java 
KeyStore (type: JKS), when I access our Graylog web interface installation, 
I get an error message like ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY "Server 
has a weak ephemeral Diffie-Hellman public key". This doesn't happen when 
using Internet Explorer 10, though.

I thought I'd read this is possibly due to recent updates in some web 
browsers with more stringent SSL cipher requirements related to the Logjam 
vulnerability earlier this year.

Is anyone else experiencing this issue? And know of any workarounds? I 
wasn't sure if this was just affecting me, or if it was worth raising a 
request in the Graylog Web Interface issue tracker.

Thanks!
Russ

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/92403656-cbf2-423e-85a8-cefdbb7cc7fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] upgrading graylog-server from 1.16 to 1.2rc4 totally broke all LDAP access

2015-09-08 Thread Jason Haar 
Hi there

Says it all really. After upgrading from 1.16 to 1.2rc4, none of the LDAP 
(actually ActiveDirectory) accounts work - even the Admin ones (thankfully 
the standard backdoor "admin" account still works)

I tried logging in with a new LDAP account - it also fails (default user 
mode: Reader). But refreshing the "user" area shows the new account - so 
it's been created even though I can't log in with it. The login page error 
says "sorry those creds aren't valid"

I didn't change the LDAP User Mapping area [  which is set to 
"(&(objectClass=user)(userPrincipalName={0}))" ], but changed the new Group 
Mapping to

(&(objectClass=group)(cn=*))

with "Group Name Attribute" set to "cn". I also used ldapsearch to test 
that filter - it works fine, returning a bunch of groups

However, after filling in that section I go to "LDAP Group Mapping" and it 
says there are no LDAP groups - so something's wrong in the group section 
of the "LDAP Settings". We are running an AD forest and I'm logging in 
using an account from a child domain (we don't have user accounts in the 
parent) - so could this be a recursion problem? However, the logs do show 
evidence of the LDAP query bringing back groups from the child domains - so 
it all looks good as far as I can see

I've turned up the Authentication logging to "debug" and this shows up on 
any LDAP login event. That "ERR_04486_VALUE_ALREADY_EXISTS" is the only 
thing that looks like an error?


2015-09-08T20:56:25.519-04:00 DEBUG [ModularRealmAuthenticator] Realm 
[org.graylog2.security.realm.SessionAuthenticator@79ea39fc] does not 
support token org.apache.shiro.authc.UsernamePasswordToken - 
usern...@domain.name, rememberMe=false.  Skipping realm.
2015-09-08T20:56:25.520-04:00 DEBUG [ModularRealmAuthenticator] Realm 
[org.graylog2.security.realm.AccessTokenAuthenticator@5d75e8f0] does not 
support token org.apache.shiro.authc.UsernamePasswordToken - 
usern...@domain.name, rememberMe=false.  Skipping realm.
2015-09-08T20:56:40.614-04:00 ERROR [DefaultAttribute] 
ERR_04486_VALUE_ALREADY_EXISTS The value '20150728213900.0Z' already exists 
in the attribute (dSCorePropagationData)
2015-09-08T20:56:41.964-04:00 WARN  [UserServiceImpl] User 
usern...@domain.name: No group mapping for ldap group 
2015-09-08T20:56:41.969-04:00 WARN  [UserServiceImpl] User 
usern...@domain.name: No group mapping for ldap group 
2015-09-08T20:56:41.969-04:00 WARN  [UserServiceImpl] User 
usern...@domain.name: No group mapping for ldap group 
2015-09-08T20:56:41.971-04:00 DEBUG [AuthenticatingRealm] Looked up 
AuthenticationInfo [usern...@domain.name] from doGetAuthenticationInfo
2015-09-08T20:56:41.971-04:00 DEBUG [AuthenticatingRealm] 
AuthenticationInfo caching is disabled for info [usern...@domain.name]. 
 Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - 
usern...@domain.name, rememberMe=false].
2015-09-08T20:56:41.973-04:00 DEBUG [AuthenticatingRealm] Looked up 
AuthenticationInfo [null] from doGetAuthenticationInfo
2015-09-08T20:56:41.973-04:00 DEBUG [AuthenticatingRealm] No 
AuthenticationInfo found for submitted AuthenticationToken 
[org.apache.shiro.authc.UsernamePasswordToken - usern...@domain.name, 
rememberMe=false].  Returning null.
2015-09-08T20:56:41.973-04:00 DEBUG [AuthenticatingRealm] Looked up 
AuthenticationInfo [null] from doGetAuthenticationInfo
2015-09-08T20:56:41.973-04:00 DEBUG [AuthenticatingRealm] No 
AuthenticationInfo found for submitted AuthenticationToken 
[org.apache.shiro.authc.UsernamePasswordToken - usern...@domain.name, 
rememberMe=false].  Returning null.
2015-09-08T20:56:41.973-04:00 DEBUG [AbstractAuthenticator] Authentication 
successful for token [org.apache.shiro.authc.UsernamePasswordToken - 
usern...@domain.name, rememberMe=false].  Returned account 
[usern...@domain.name]
2015-09-08T20:56:41.973-04:00 DEBUG [DefaultSubjectContext] No 
SecurityManager available in subject context map.  Falling back to 
SecurityUtils.getSecurityManager() lookup.
2015-09-08T20:56:41.973-04:00 DEBUG [DefaultSubjectContext] No 
SecurityManager available in subject context map.  Falling back to 
SecurityUtils.getSecurityManager() lookup.
2015-09-08T20:56:41.976-04:00 DEBUG [DefaultSessionManager] Creating new 
EIS record for new session instance 
[org.apache.shiro.session.mgt.SimpleSession,id=null]

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/203aaf72-7700-4e9a-b881-2b4e1280f227%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: upgrading graylog-server from 1.16 to 1.2rc4 totally broke all LDAP access

2015-09-08 Thread Jason Haar 
Whoops - forgot to mention this was LDAPS to our Global Catalog LDAP 
service (that's the trick Microsoft uses to emulate "flattening" an AD 
hierarchy

Also I just changed from LDAPS to LDAP so that I could sniff what's going 
on. According to wireshark the group search filter was working - returning 
data. 

However, if I removed the filter entirely, then I can log in via LDAP! So 
it's now back to the way it was before the upgrade. However, I need to 
figure out how to do the filter so as to get the LDAP mappings to Roles 
working. Also, if I even try the example filter 
"(objectClass=group)" - that breaks it again

Thanks

Jason

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/abaa8a07-0caf-41e0-a2bb-562938657321%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Extractors: Add field with static content

2015-09-08 Thread Drew Miranda 
I believe a static field can be configured per input. I don't have the web 
interface in front of me to verify. A static field configured on an input will 
be set for every message and can't be filtered with extractor rules.

A more flexible alternative may be to use drools rules to add static fields by 
using filters. Check the documentation on configuring your drl file.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c1d7de7b-ade6-4f3d-b3b0-e367ba45d8a5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY when using HTTPS for web interface

2015-09-08 Thread Drew Miranda 
Thanks as well! Took a bit of fiddling before I checked here.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a1b7b221-f8a8-434b-9992-6c1ca58df14c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: upgrading graylog-server from 1.16 to 1.2rc4 totally broke all LDAP access

2015-09-08 Thread Drew Miranda 
I just upgraded to 1.2 rc2 so I'll check my configuration tomorrow and see if 
it is helpful to you. For what it's worth the upgrade worked and ldap login and 
group mappings worked.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a279bcf6-8a28-474b-b14c-0752d04b0d13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] LDAP authentication with Graylog 1.2 RC2

2015-09-08 Thread Yves Louis ROFORT 
Jochen, Kay

Yes Kay, it's that problem.
Thanks Jochen for the information, I'll try the 1.2RC4 ASAP.

Thanks for your answers.

Regards,
Yves Louis

2015-09-08 16:20 GMT+02:00 Kay Röpke :

> Yves Louis,
>
> I think I know what you are referring to now on the edit user page:
>
> This is actually an oversight, yes, I’ll see to it that it gets fixed
> until the final release.
>
> cheers,
> Kay
>
> On 08 Sep 2015, at 16:11, Jochen Schalanda  wrote:
>
> Hi Yves,
>
> the automatic migration of legacy user accounts to the new scheme has been
> added in Graylog 1.2.0-rc.3. I'd recommend upgrading to Graylog 1.2.0-rc.4
> in your case to verify that the problem has been solved.
>
>
> Cheers,
> Jochen
>
> On Tuesday, 8 September 2015 15:19:36 UTC+2, yvesloui...@gmail.com wrote:
>>
>> Hi Kay,
>>
>> Thanks for your answer, I will check again, I may have missed something.
>> (I hane no lines with "Migrating permissions" in my logs)
>>
>> I used graylog 1.1.0, and with 1.2RC2, when editing an old user, I have
>> the warning "This user was created from an external system and you can't
>> change the roles here. Please update the LDAP group mapping to make changes
>> or contact an administrator for more information.".
>> Same result with a ldap user created with 1.2RC2.
>>
>> I keep you informed if I find something.
>>
>> Thanks,
>>
>> Best Regards,
>> Yves Louis
>>
>>
>> Le mardi 8 septembre 2015 14:38:45 UTC+2, Kay Roepke a écrit :
>>>
>>> Hi!
>>>
>>> Old users should have been migrated to the new permission system
>>> automatically, please check your graylog server log file. It should contain
>>> lines like:
>>> "INFO  [UserPermissionMigrationPeriodical] Migrating permissions to
>>> roles for user"
>>>
>>> You can use roles without LDAP group mapping, yes. Simply create the
>>> roles and then assign them to users by hand.
>>> LDAP group mapping is supposed to make it easier to integrate but is not
>>> required.
>>>
>>> We have not encountered any problems with group mapping so far, are
>>> there any errors in the graylog server log?
>>>
>>> Best regards,
>>> Kay
>>>
>>> On Tuesday, 8 September 2015 14:20:23 UTC+2, yvesloui...@gmail.com
>>> wrote:

 Hi,

 I tried quickly the graylog 1.2 RC2, but I had a bloquant problem with
 authentication.

 Does the ldap authentication strategy will change in near future  ?
  - Can we use ldap authentication with users without ldap group ?
  - Can we create groups but not ldap groups ?

 (The old users can't no more connect to graylog-web due to deprecated
 permissions)

 Best regards

 Yves Louis ROFORT

>>>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/2d999f59-3b98-4018-8deb-9d6ae52bffc6%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/78D6D2F6-6025-4325-93E0-71584159593B%40gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CANzaAgOf%2B3s7vw5XzPD47RSZ5XmqN8PEguHMMfeOtDs%2B7qWVQQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] elasticsearch version requirements

2015-09-08 Thread Mike Daoust 
Is it documented anywhere which versions of elasticsearch are suggested for 
graylog?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/16e94ff6-2089-426a-96fb-0ba2e832888a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.