[graylog2] Re: Filter or Drop messages from a specific source

2015-09-15 Thread Drew Miranda
Are there any errors or related log messages in the graylog server log? 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3323b2f1-ec1a-4a0b-8b08-eb989a877b83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Problem upgrading to Graylog 1.2 on Debian 8

2015-09-15 Thread Fisz
Hello,
I have a problem upgrading Graylog to v1.2 on Debian. I've downloaded the 
package *graylog-1.2-repository-debian8_latest.deb*, but when I try to 
install it I only get an error like the one below:
dpkg: error processing archive graylog-1.2-repository-debian8_latest.deb 
(--install):
 trying to overwrite '/etc/apt/trusted.gpg.d/graylog-keyring.gpg', which is 
also in package graylog-1.1-repository-debian7 1.2.0-3

I'm using Debian 8.2. I know that I was using the graylog-repository package for 
Debian 7, but there was no deb available for Debian 8.



[graylog2] Anyone attempted to use AWS cloudsearch service to back graylog rather than clustering elasticsearch?

2015-09-15 Thread Cory Carlton
Curious if anyone has attempted this, and with what results. We are looking to vet this 
idea out a bit.



[graylog2] Re: [ANNOUNCE] Graylog v1.2 has been released

2015-09-15 Thread Jochen Schalanda
Hi Ivan,

the entity configurations are 100% compatible with previous versions of 
Graylog 1.x. If you find any incompatibilities, it's considered a bug and a 
bug report at https://github.com/Graylog2/graylog2-server/issues would be 
greatly appreciated.


Cheers,
Jochen

On Tuesday, 15 September 2015 19:46:05 UTC+2, ivan morozov wrote:
>
> Great news!
> Are the dashboard configurations/ extractors / input streams config/ 
> backward compatible ?
>
> On Tuesday, 15 September 2015 16:23:15 UTC+2, lennart wrote:
>>
>> Hey everybody, 
>>
>> we have just released the final version of Graylog v1.2. Find all 
>> information and release notes in the announcement blog post: 
>>
>>  * 
>> https://www.graylog.org/announcing-graylog-1-2-ga-release-includes-30-new-features/
>>  
>>
>> Thanks, 
>> The Graylog team 
>>
>



[graylog2] Re: Graylog extractors/ Grok patterns

2015-09-15 Thread ivan morozov
Update:
I checked the mongo data and probably found the previous node id in this 
format: d3545119-5bb3-11e5-93ad-0242ac110007
After restarting the container with this node_id as a parameter I get a 
bunch of 

2015-09-15_18:19:03.79065 java.util.concurrent.ExecutionException: org.graylog2.database.NotFoundException: org.elasticsearch.indices.IndexMissingException: [graylog_57] missing

exceptions.


On Tuesday, 15 September 2015 17:17:37 UTC+2, ivan morozov wrote:
>
> Hey Jochen,
>
> another question:
>
> In case the Graylog node ID was generated automatically by the Docker 
> configuration, but the Graylog data and logs folders were mounted on the host 
> machine: what is a good workaround to find out the GRAYLOG_NODE_ID that was 
> generated previously? My plan is to start the Docker container again and set 
> the previously generated GRAYLOG_NODE_ID as a static node ID to make Graylog 
> use the old configs.
>
> Thank you in advance
> Ivan
>
> On Wednesday, 9 September 2015 17:30:32 UTC+2, ivan morozov wrote:
>>
>> Thank you Jochen!
>>
>> On Wednesday, 9 September 2015 17:18:29 UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Ivan,
>>>
>>> extractors and Grok patterns are stored in MongoDB and at least 
>>> extractors are linked to the inputs. Please make sure that you also use an 
>>> external data volume for MongoDB's data files and that the Graylog node ID 
>>> doesn't change with every start (see GRAYLOG_NODE_ID at 
>>> http://docs.graylog.org/en/1.1/pages/installation/docker.html#additional-options
>>> ).
>>>
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Wednesday, 9 September 2015 16:44:57 UTC+2, ivan morozov wrote:
>>>>
>>>> Hi @all,
>>>>
>>>> I'm using Graylog all-in-one in Docker. To ensure persistence I have 
>>>> mounted the data and log folders on my host machine...
>>>> after stopping and restarting Docker the dashboards are still there (that's 
>>>> the good news) but my extractors and Grok patterns are no longer inside.
>>>>
>>>> My question is how to keep the extractors in this case, because creating 
>>>> them again and again is really annoying.
>>>>
>>>> Best
>>>> Ivan
>>>>
>>>



[graylog2] Re: Filter or Drop messages from a specific source

2015-09-15 Thread Stephen Fox
It seems these drools rules have stopped working after one of the recent 
upgrades of Graylog. I'm on version 1.2 now, but I wasn't able to get the 
rules working in the last version either. Any tips?

Here is my rules file:

import org.graylog2.plugin.Message

rule "Drop host dhcpd"
when
    m : Message( source == "dhcpd:" )
then
    m.setFilterOut(true);
    System.out.println( "[Drop host dhcpd] : " + m.toString() );
end

rule "Drop host firewall"
when
    m : Message( source == "firewall:" )
then
    m.setFilterOut(true);
    System.out.println( "[Drop host firewall] : " + m.toString() );
end


On Tuesday, July 14, 2015 at 12:47:55 AM UTC-4, Pete GS wrote:
>
> Sorry for waking up an older thread... however I have an LDAP server out 
> of my control which is absolutely smashing my Graylog servers due to a 
> misconfigured logging level. Unfortunately the sysadmins for this server 
> are pretty much unresponsive, so I think my only choice is to drop this via 
> the drools rules.
>
> Quick question before I do this though... how expensive are the drools 
> rules to process? Does it get dropped/filtered prior to the actual message 
> processing? Or does it still get processed and then dropped?
>
> Cheers, Pete
>
> On Saturday, 2 May 2015 06:02:51 UTC+10, Stephen Fox wrote:
>>
>> http://docs.graylog.org/en/1.0/pages/drools.html
>>
>> It's somewhat documented. There are a few examples on that page as well, 
>> but I wish there were more examples.
>>
>> Rule documentation here:
>>
>> http://docs.jboss.org/drools/release/5.5.0.Final/drools-expert-docs/html/ch04.html
>>
>> It would be cool if graylog2 had the feature to filter out messages in 
>> the web interface rather than hacking around in drools rules.
>>
>

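Two drop rules added here as an example for the case Pete describes; they are not from Stephen's rules file or the Graylog docs, and the source values, the host name ldap01.example.com and the DEBUG marker are placeholders. The first folds several sources into one rule with the Drools `in` operator; the second drops only the debug chatter of one misconfigured host so that its warnings and errors still reach every stream and alert, and neither rule prints each dropped message to stdout, which would move the volume problem into the Graylog server log.

```drools
import org.graylog2.plugin.Message

// Added example, not part of the original thread. Source values and the
// DEBUG marker are placeholders; match what your source field actually holds.

// Several whole sources in one rule via the 'in' operator. Dropping an entire
// source such as a firewall removes its events from every stream and alert,
// so prefer the narrower, content-based rule below wherever the noise can be
// told apart from the events you still want to see.
rule "Drop chatty sources"
when
    m : Message( source in ( "dhcpd", "dhcpd:" ) )
then
    m.setFilterOut(true);
end

// Drop only the debug output of one misconfigured host; its other messages
// pass through. 'matches' is a whole-string Java regex, so the pattern is
// anchored with .* on both sides; (?is) makes it case-insensitive and lets
// '.' span line breaks in multi-line messages.
rule "Drop LDAP debug noise only"
when
    m : Message( source == "ldap01.example.com" &&
                 message matches "(?is).*\\bDEBUG\\b.*" )
then
    m.setFilterOut(true);
end
```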


[graylog2] Re: Graylog extractors/ Grok patterns

2015-09-15 Thread ivan morozov
Hey Jochen,

another question:

In case the Graylog node ID was generated automatically by the Docker 
configuration, but the Graylog data and logs folders were mounted on the host 
machine: what is a good workaround to find out the GRAYLOG_NODE_ID that was 
generated previously? My plan is to start the Docker container again and set 
the previously generated GRAYLOG_NODE_ID as a static node ID to make Graylog 
use the old configs.

Thank you in advance
Ivan

On Wednesday, 9 September 2015 17:30:32 UTC+2, ivan morozov wrote:
>
> Thank you Jochen!
>
> On Wednesday, 9 September 2015 17:18:29 UTC+2, Jochen Schalanda wrote:
>>
>> Hi Ivan,
>>
>> extractors and Grok patterns are stored in MongoDB and at least 
>> extractors are linked to the inputs. Please make sure that you also use an 
>> external data volume for MongoDB's data files and that the Graylog node ID 
>> doesn't change with every start (see GRAYLOG_NODE_ID at 
>> http://docs.graylog.org/en/1.1/pages/installation/docker.html#additional-options
>> ).
>>
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 9 September 2015 16:44:57 UTC+2, ivan morozov wrote:
>>>
>>> Hi @all,
>>>
>>> I'm using Graylog all-in-one in Docker. To ensure persistence I have 
>>> mounted the data and log folders on my host machine...
>>> after stopping and restarting Docker the dashboards are still there (that's 
>>> the good news) but my extractors and Grok patterns are no longer inside.
>>>
>>> My question is how to keep the extractors in this case, because creating 
>>> them again and again is really annoying.
>>>
>>> Best
>>> Ivan
>>>
>>



[graylog2] Re: Unable to get the graylog web interface login page.

2015-09-15 Thread Anant Sawant
Hi Jochen,
I have not made any change to the code, simply compiled it using Typesafe 
Activator and then made a jar from the compiled code.
I also compared my jar (graylog-web-interface.graylog-web-interface-1.1.6) 
with the official jar (graylog-web-interface.graylog-web-interface-1.1.6), 
and my jar was missing the routes file, so I copied the official routes file 
into my custom compiled code and then bundled it to make a jar. Can this be 
the reason for the issue? Can you please suggest what could be the possible 
reason for this issue, so that I can go ahead and solve it? As of now I have 
no idea where to look for the cause of this error.

On Monday, 14 September 2015 18:09:34 UTC+5:30, Jochen Schalanda wrote:
>
> Hi Anant,
>
> I can't reproduce your problem with the official Graylog 1.1.6 web 
> interface, so I guess it's because of some changes you've made to the code 
> of your custom compiled version.
>
>
> Cheers,
> Jochen
>
> On Monday, 14 September 2015 14:10:29 UTC+2, Anant Sawant wrote:
>>
>> Hi,
>>
>> I am running Graylog 1.1.6 server component and Graylog web component 
>> 1.1.6 which I have compiled. 
>> I am running this on ubuntu 14.04.1. For this I have installed 
>> Elasticsearch 1.7.1, mongodb version v3.0.6 and Java 1.8.0_60. The Graylog 
>> 1.1.6 server component, Graylog web component 1.1.6, Mongod and 
>> Elasticsearch are on the same machine. For configuration I have referred  
>> http://docs.graylog.org/en/1.2/pages/installation/manual_setup.html#configuring-the-web-interface.
>>  
>> As per this document Graylog 1.1.6 server component and Graylog web 
>> component 1.1.6 both are running well/as expected as I can see the expected 
>> result on the console, also the logs shows no errors. Following are the 
>> logs that I got on the console for server and web component respectively.
>>
>> ubuntu@ubuntu:/opt/graylog-server-1.1.6$ sudo service elasticsearch status
>>  * elasticsearch is running
>> ubuntu@ubuntu:/opt/graylog-server-1.1.6$ sudo service mongod status
>> mongod start/running, process 758
>> ubuntu@ubuntu:/opt/graylog-server-1.1.6$ sudo java -jar graylog.jar server
>> 2015-09-14 15:29:32,036 INFO : org.graylog2.bootstrap.CmdLineTool - 
>> Loaded plugins: [Anonymous Usage Statistics 1.1.1 
>> [org.graylog.plugins.usagestatistics.UsageStatsPlugin]]
>> 2015-09-14 15:29:32,325 INFO : org.graylog2.bootstrap.CmdLineTool - 
>> Running with JVM arguments:
>> 2015-09-14 15:29:35,643 INFO : 
>> org.graylog2.shared.system.stats.SigarService - Failed to load SIGAR. 
>> Falling back to JMX implementations.
>> 2015-09-14 15:29:43,437 INFO : 
>> org.graylog2.shared.buffers.InputBufferImpl - Message journal is enabled.
>> 2015-09-14 15:29:45,351 INFO : kafka.log.LogManager - Found clean 
>> shutdown file. Skipping recovery for all logs in data directory 
>> '/opt/graylog-server-1.1.6/data/journal'
>> 2015-09-14 15:29:45,357 INFO : kafka.log.LogManager - Loading log 
>> 'messagejournal-0'
>> 2015-09-14 15:29:45,760 INFO : org.graylog2.shared.journal.KafkaJournal - 
>> Initialized Kafka based journal at data/journal
>> 2015-09-14 15:29:45,869 INFO : 
>> org.graylog2.shared.buffers.InputBufferImpl - Initialized InputBufferImpl 
>> with ring size <65536> and wait strategy , running 2 
>> parallel message handlers.
>> 2015-09-14 15:29:47,182 INFO : org.graylog2.plugin.system.NodeId - Node 
>> ID: 996299ed-68ea-4a64-a1e6-74f6cb5cefc9
>> 2015-09-14 15:29:48,193 INFO : org.elasticsearch.node - [graylog2-server] 
>> version[1.6.2], pid[1629], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-14 15:29:48,194 INFO : org.elasticsearch.node - [graylog2-server] 
>> initializing ...
>> 2015-09-14 15:29:48,668 INFO : org.elasticsearch.plugins - 
>> [graylog2-server] loaded [graylog2-monitor], sites []
>> 2015-09-14 15:29:57,310 INFO : org.elasticsearch.node - [graylog2-server] 
>> initialized
>> 2015-09-14 15:29:57,331 INFO : org.graylog2.shared.buffers.ProcessBuffer 
>> - Initialized ProcessBuffer with ring size <65536> and wait strategy 
>> .
>> 2015-09-14 15:30:04,824 INFO : 
>> org.graylog2.bindings.providers.RulesEngineProvider - No static rules file 
>> loaded.
>> 2015-09-14 15:30:05,033 INFO : org.graylog2.buffers.OutputBuffer - 
>> Initialized OutputBuffer with ring size <65536> and wait strategy 
>> .
>> 2015-09-14 15:30:06,414 INFO : 
>> org.hibernate.validator.internal.util.Version - HV01: Hibernate 
>> Validator 5.1.3.Final
>> 2015-09-14 15:30:08,527 INFO : org.graylog2.bootstrap.ServerBootstrap - 
>> Graylog server 1.1.6 (${git.commit.id.abbrev}) starting up. (JRE: Oracle 
>> Corporation 1.8.0_60 on Linux 3.13.0-32-generic)
>> 2015-09-14 15:30:08,745 INFO : 
>> org.graylog2.shared.initializers.PeriodicalsService - Starting 21 
>> periodicals ...
>> 2015-09-14 15:30:08,752 INFO : org.graylog2.periodical.Periodicals - 
>> Starting [org.graylog2.periodical.ThroughputCounterManagerThread] 
>> periodical in [0s], polling every [1s].
>> 2015-09-14 15:30:08,762 INFO : 

[graylog2] Re: [ANNOUNCE] Graylog v1.2 has been released

2015-09-15 Thread ivan morozov
Great news!
Are the dashboard configurations/ extractors / input streams config/ 
backward compatible ?

On Tuesday, 15 September 2015 16:23:15 UTC+2, lennart wrote:
>
> Hey everybody, 
>
> we have just released the final version of Graylog v1.2. Find all 
> information and release notes in the announcement blog post: 
>
>  * 
> https://www.graylog.org/announcing-graylog-1-2-ga-release-includes-30-new-features/
>  
>
> Thanks, 
> The Graylog team 
>



[graylog2] extending disk of OVA deployed Graylog server (a newbie How-To)

2015-09-15 Thread Lasse Taul Bjerre
Hi,

New to Graylog, and not really a Linux user/admin.

My LAB deployment quickly ran out of disk space.
I searched the web and the documentation for a how-to on extending the disk, but 
could not find a step-by-step guide.
I ended up doing it the following way. I have posted it in case it can be 
helpful to other newbies.
Any comments much appreciated.


*shut down the VM (just in case you mess something up :) )*

*take a snapshot*

*attach new disk in vmware*

*start the VM*

*stop graylog services:*

sudo graylog-ctl stop

*identify the new disk (a good bet is that it will be sdb):*

sudo lshw -class disk

*Output:*

  *-disk
       description: SCSI Disk
       physical id: 0.0.0
       bus info: scsi@2:0.0.0
       *logical name: /dev/sdb*
       size: 100GiB (107GB)
       configuration: sectorsize=512
  *-disk
       description: ATA Disk
       product: VMware Virtual I
       physical id: 0.0.0
       bus info: scsi@0:0.0.0
       logical name: /dev/sda
       version: 0001
       serial: 0001
       size: 19GiB (20GB)
       capabilities: partitioned partitioned:dos
       configuration: ansiversion=5 sectorsize=512 signature=00040ebf

*In this case the new disk is called /dev/sdb*

*format new disk (replace sdb with the disk found with the lshw command):*

sudo mkfs.ext4 /dev/sdb

*create temp mount point for new disk:*

sudo mkdir /mnt/newData

*mount disk to temp mount point*

sudo mount /dev/sdb /mnt/newData

*go to single user mode (might not be necessary, will kill SSH so do it 
from console):*

sudo init 1

*copy data to new drive (cd cannot be run through sudo, it only changes the 
directory of the shell you type it in)*

cd /var/opt/graylog/data

sudo cp -ax * /mnt/newData

*compare the 2 folders*

sudo diff -qr --suppress-common-lines /var/opt/graylog/data /mnt/newData

*Output should be something like:*

*Only in /mnt/newData: lost+found*

*delete old data folder (to free up disk space on the initial disk)*

sudo rm -rf /var/opt/graylog/data

*make new mount point*

mkdir /var/opt/graylog/data

*unmount the temp location*

umount /dev/sdb

*mount the new disk to the real location*

mount /dev/sdb /var/opt/graylog/data

*edit fstab to make the mount persistent:*

nano /etc/fstab

*add the following line into fstab*

/dev/sdb   /var/opt/graylog/data   ext4   defaults   0 0

*reboot server*

sudo shutdown -r now



[graylog2] [ANNOUNCE] Graylog v1.2 has been released

2015-09-15 Thread Lennart Koopmann
Hey everybody,

we have just released the final version of Graylog v1.2. Find all
information and release notes in the announcement blog post:

 * 
https://www.graylog.org/announcing-graylog-1-2-ga-release-includes-30-new-features/

Thanks,
The Graylog team
